Windows Analysis Report
SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi

Overview

General Information

Sample name: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi
Analysis ID: 1520637
MD5: 96c976c658e8b4e145acd0018af782d9
SHA1: 54931426f0bdf779e208339a60870503859677d9
SHA256: e92f49b13affdc1a1626c3bf922c651faccd20f6455fa6d728875a00d30c0cbe
Tags: msi
Infos:

Detection

AteraAgent
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
System process connects to network (likely due to code injection or exploit)
Yara detected AteraAgent
AI detected suspicious sample
Changes security center settings (notifications, updates, antivirus, firewall)
Creates files in the system32 config directory
Installs Task Scheduler Managed Wrapper
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)
Query firmware table information (likely to detect VMs)
Reads the Security eventlog
Reads the System eventlog
Yara detected Generic Downloader
AV process strings found (often used to terminate AV products)
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Checks if the current process is being debugged
Contains capabilities to detect virtual machines
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Contains functionality to detect virtual machines (SGDT)
Contains functionality to dynamically determine API calls
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains long sleeps (>= 3 min)
Creates COM task schedule object (often to register a task for autostart)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Extensive use of GetProcAddress (often used to hide API calls)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
Is looking for software installed on the system
May sleep (evasive loops) to hinder dynamic analysis
Modifies existing windows services
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the product ID of Windows
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: WSF/JSE/JS/VBA/VBE File Execution Via Cscript/Wscript
Stores large binary data to the registry
Uses Microsoft's Enhanced Cryptographic Provider
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

AV Detection
barindex
Multi AV Scanner detection for dropped file
Source: 3dfa4c.rbf (copy) ReversingLabs: Detection: 21%
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe ReversingLabs: Detection: 21%
AI detected suspicious sample
Source: Submited Sample Integrated Neural Analysis Model: Matched 96.0% probability
Uses Microsoft's Enhanced Cryptographic Provider
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03564BC0 CryptAcquireContextW,GetLastError,CryptReleaseContext,CryptReleaseContext,CryptReleaseContext, 45_2_00007FFB03564BC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03564DE0 CryptReleaseContext, 45_2_00007FFB03564DE0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03564E20 CryptCreateHash,GetLastError,CryptHashData,GetLastError,CryptDeriveKey,GetLastError,CryptEncrypt,GetLastError,CryptDecrypt,GetLastError,CryptDestroyKey,CryptDestroyHash, 45_2_00007FFB03564E20
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4} Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog
Source: Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdbSHA256 source: AgentPackageMonitoring.exe, 0000002D.00000002.1696379168.000001D422D82000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: \mscorlib.pdbpdblib.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NetworkInformation\4.1.2.0\System.Net.NetworkInformation.pdb source: System.Net.NetworkInformation.dll.36.dr
Source: Binary string: D:\a\41\s\AteraNugetPackages\Atera.AgentPackages.ModelsV3\Atera.AgentPackages.ModelsV3\obj\Release\net45\Atera.AgentPackages.ModelsV3.pdbSHA256t source: Atera.AgentPackages.ModelsV3.dll.36.dr
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 00000014.00000000.1363107154.00000282B3042000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 0000001C.00000002.1571157311.000001DD472C2000.00000002.00000001.01000000.0000001A.sdmp, Atera.AgentPackage.Common.dll3.36.dr
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdb source: System.Resources.Reader.dll.36.dr
Source: Binary string: D:\a\41\s\AteraNugetPackages\Atera.AgentPackages.ModelsV3\Atera.AgentPackages.ModelsV3\obj\Release\net45\Atera.AgentPackages.ModelsV3.pdb source: Atera.AgentPackages.ModelsV3.dll.36.dr
Source: Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000000.1930927486.000001B35A972000.00000002.00000001.01000000.00000029.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe.36.dr
Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdbp+ source: AgentPackageMonitoring.exe, 0000002D.00000002.1719872483.000001D43BAF2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb source: System.Runtime.CompilerServices.VisualC.dll.36.dr
Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: AgentPackageMonitoring.exe, 0000002D.00000002.1720602037.000001D43BBD2000.00000002.00000001.01000000.00000025.sdmp, NLog.dll.36.dr
Source: Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdbdeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdb source: AgentPackageMonitoring.exe, 0000002D.00000002.1694921612.000001D422C82000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: .pdb) source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdbl( source: System.Resources.Reader.dll.36.dr
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.TextWriterTraceListener\4.0.2.0\System.Diagnostics.TextWriterTraceListener.pdb source: System.Diagnostics.TextWriterTraceListener.dll.36.dr
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netstandard1.1\System.Buffers.pdbSHA256 source: System.Buffers.dll.21.dr
Source: Binary string: D:\a\41\s\AteraNugetPackages\Atera.AgentPackages.CommonLib\Atera.AgentPackages.CommonLib\obj\Release\Atera.AgentPackages.CommonLib.pdb'` source: Atera.AgentPackages.CommonLib.dll.36.dr
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbl source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000005.00000003.1267628350.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000464A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.00000000041F4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Debug\4.0.11.0\System.Diagnostics.Debug.pdb source: System.Diagnostics.Debug.dll.36.dr
Source: Binary string: ib.pdb: source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373BC0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 00000014.00000000.1363107154.00000282B3042000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, System.ValueTuple.dll.53.dr, System.ValueTuple.dll.36.dr, System.ValueTuple.dll.2.dr
Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: System.Data.SQLite.dll.36.dr
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Diagnostics.DiagnosticSource\net46\System.Diagnostics.DiagnosticSource.pdb source: System.Diagnostics.DiagnosticSource.dll.36.dr
Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 00000015.00000002.1901558159.000002A3428C2000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Data.Common/netfx\System.Data.Common.pdb source: System.Data.Common.dll.36.dr
Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 00000015.00000002.1901558159.000002A3428C2000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1721452869.000001D43BCB2000.00000002.00000001.01000000.00000026.sdmp, Newtonsoft.Json.dll.53.dr
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbD source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373BC0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\code\dapper-dot-net\Dapper\bin\Release\net45\Dapper.pdb source: AgentPackageMonitoring.exe, 0000002D.00000002.1719646159.000001D43BAB2000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: C:\agent\_work\8\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: Microsoft.Deployment.WindowsInstaller.dll.36.dr
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdbT*n* `*_CorDllMainmscoree.dll source: System.Net.Security.dll.36.dr
Source: Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDBpy/G source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256d source: AgentPackageMonitoring.exe, 0000002D.00000002.1720602037.000001D43BBD2000.00000002.00000001.01000000.00000025.sdmp, NLog.dll.36.dr
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netstandard1.1\System.Buffers.pdb source: System.Buffers.dll.21.dr
Source: Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdb source: AgentPackageMonitoring.exe, 0000002D.00000002.1696379168.000001D422D82000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AgentPackageAgentInformation.exe, 0000001A.00000000.1533103031.000002069BBD2000.00000002.00000001.01000000.00000018.sdmp, AgentPackageAgentInformation.exe.21.dr
Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000003.1267628350.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000464A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.00000000041F4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: symbols\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.1571556014.000002069C692000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2195827231.000001EE9E170000.00000002.00000001.01000000.00000030.sdmp, Newtonsoft.Json.dll1.36.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.1571556014.000002069C692000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2195827231.000001EE9E170000.00000002.00000001.01000000.00000030.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1721452869.000001D43BCB2000.00000002.00000001.01000000.00000026.sdmp, Newtonsoft.Json.dll1.36.dr, Newtonsoft.Json.dll.53.dr
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2209008639.000001B373A42000.00000002.00000001.01000000.00000031.sdmp
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, System.ValueTuple.dll.53.dr, System.ValueTuple.dll.36.dr, System.ValueTuple.dll.2.dr
Source: Binary string: t.pdbpdb source: AteraAgent.exe, 00000024.00000002.2150679963.0000027DEC317000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2209008639.000001B373A42000.00000002.00000001.01000000.00000031.sdmp
Source: Binary string: D:\a\1\s\AgentPackageMonitoring\AgentPackageMonitoring\obj\Release\AgentPackageMonitoring.pdbr source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: D:\a\1\s\AgentPackageMonitoring\AgentPackageMonitoring\obj\Release\AgentPackageMonitoring.pdb source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr
Source: Binary string: em.pdb source: AteraAgent.exe, 00000015.00000002.1898386456.000002A342505000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000005.00000003.1267628350.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000464A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.00000000041F4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdbSHA256`{f source: AgentPackageMonitoring.exe, 0000002D.00000002.1694921612.000001D422C82000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Parallel\4.0.1.0\System.Linq.Parallel.pdb source: System.Linq.Parallel.dll.36.dr
Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 0000001C.00000002.1571157311.000001DD472C2000.00000002.00000001.01000000.0000001A.sdmp, Atera.AgentPackage.Common.dll3.36.dr
Source: Binary string: C:\agent\_work\8\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbT source: Microsoft.Deployment.WindowsInstaller.dll.36.dr
Source: Binary string: D:\a\41\s\AteraNugetPackages\Atera.Utils\Atera.Utils\obj\Release\net45\Atera.Utils.pdbSHA256 source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp, Atera.Utils.dll.36.dr
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdb source: System.Net.Security.dll.36.dr
Source: Binary string: PC:\Windows\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pC:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Primitives\4.0.3.0\System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.36.dr
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb@*Z* L*_CorDllMainmscoree.dll source: System.Runtime.CompilerServices.VisualC.dll.36.dr
Source: Binary string: mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373BC0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Primitives/netfx\System.Runtime.Serialization.Primitives.pdb source: System.Runtime.Serialization.Primitives.dll.36.dr
Source: Binary string: /_/CommunityToolkit.WinUI.Notifications/obj/Release/net461/CommunityToolkit.WinUI.Notifications.pdbSHA2564 source: CommunityToolkit.WinUI.Notifications.dll.36.dr
Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2012\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: AgentPackageMonitoring.exe, 0000002D.00000002.1736042091.00007FFB036AA000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 00000014.00000002.1404516323.00000282CD602000.00000002.00000001.01000000.00000012.sdmp, Pubnub.dll0.2.dr
Source: Binary string: C:\Windows\AgentPackageUpgradeAgent.pdbpdbent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\41\s\AteraNugetPackages\Atera.Utils\Atera.Utils\obj\Release\net45\Atera.Utils.pdb source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp, Atera.Utils.dll.36.dr
Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 00000014.00000002.1404516323.00000282CD602000.00000002.00000001.01000000.00000012.sdmp, Pubnub.dll0.2.dr
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdb source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdb source: AgentPackageMonitoring.exe, 0000002D.00000002.1719872483.000001D43BAF2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.WebSockets\4.0.2.0\System.Net.WebSockets.pdb source: System.Net.WebSockets.dll.36.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI1FA3.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Ping\4.0.2.0\System.Net.Ping.pdb source: System.Net.Ping.dll.36.dr
Source: Binary string: \??\C:\Windows\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /_/CommunityToolkit.WinUI.Notifications/obj/Release/net461/CommunityToolkit.WinUI.Notifications.pdb source: CommunityToolkit.WinUI.Notifications.dll.36.dr
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdbSHA256 source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\41\s\AteraNugetPackages\Atera.AgentPackages.CommonLib\Atera.AgentPackages.CommonLib\obj\Release\Atera.AgentPackages.CommonLib.pdb source: Atera.AgentPackages.CommonLib.dll.36.dr
Checks for available system drives (often done to infect USB drives)
Source: C:\Windows\System32\msiexec.exe File opened: z: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: x: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: v: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: t: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: r: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: p: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: n: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: l: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: j: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: h: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: f: Jump to behavior
Source: C:\Windows\System32\svchost.exe File opened: d: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: b: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: y: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: w: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: u: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: s: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: q: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: o: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: m: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: k: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: i: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: g: Jump to behavior
Source: C:\Windows\System32\msiexec.exe File opened: e: Jump to behavior
Source: C:\Windows\System32\cscript.exe File opened: c:
Source: C:\Windows\System32\msiexec.exe File opened: a: Jump to behavior
Creates COM task schedule object (often to register a task for autostart)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocHandler
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\LocalServer
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\Elevation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\TreatAs
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F87369F-A4E5-4CFC-BD3E-73E6154572DD}\InprocServer32
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-CheckSumValid.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Format-FileSize.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariableNames.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariable.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyUnzip.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyWebFile.ps1
Found inlined nop instructions (likely shell or obfuscated code)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC751FFFh 20_2_00007FFAAC751FAC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC751873h 20_2_00007FFAAC75172D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC751A44h 20_2_00007FFAAC751A2F
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC784ECBh 21_2_00007FFAAC784C41
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC79B972h 21_2_00007FFAAC79B5E7
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC781FFFh 21_2_00007FFAAC781EB6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC784ECBh 21_2_00007FFAAC784DC8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC79B972h 21_2_00007FFAAC79B620
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC781873h 21_2_00007FFAAC780C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC781A44h 21_2_00007FFAAC780C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC781FFFh 21_2_00007FFAAC780C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC78227Bh 21_2_00007FFAAC780C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC79BDF2h 36_2_00007FFAAC79BB9E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC784ECBh 36_2_00007FFAAC784C41
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC781FFFh 36_2_00007FFAAC781EB6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC784ECBh 36_2_00007FFAAC784DC8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC9A4859h 36_2_00007FFAAC9A46E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC9A2EE0h 36_2_00007FFAAC9A2C39
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC9B18D0h 36_2_00007FFAAC9B1632
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then dec eax 36_2_00007FFAAC9A1FB5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC781873h 36_2_00007FFAAC780C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC781A44h 36_2_00007FFAAC780C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC781FFFh 36_2_00007FFAAC780C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFAAC78227Bh 36_2_00007FFAAC780C58

Networking
barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 40.119.152.241 443
Yara detected Generic Downloader
Source: Yara match File source: 26.0.AgentPackageAgentInformation.exe.2069bbd0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.Utils.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll, type: DROPPED
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENT.PACKAGE.WATCHDOG/1.5/AGENT.PACKAGE.WATCHDOG.ZIP
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEADREMOTE/6.0/AGENTPACKAGEADREMOTE.ZIP
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEMARKETPLACE/1.6/AGENTPACKAGEMARKETPLACE.ZIP
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329C7F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A0BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEMONITORING/36.9/AGENTPACKAGEMONITORING.ZIP
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEOSUPDATES/19.4/AGENTPACKAGEOSUPDATES.ZIP
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGEPROGRAMMANAGEMENT/24.9/AGENTPACKAGEPROGRAMMANAGE
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGERUNTIMEINSTALLER/1.6/AGENTPACKAGERUNTIMEINSTALLE
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGESTREMOTE/23.4/AGENTPACKAGESTREMOTE.ZIP
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: HTTPS://PS.ATERA.COM/AGENTPACKAGESNET45/AGENTPACKAGESYSTEMTOOLS/26.8/AGENTPACKAGESYSTEMTOOLS.ZIP
Source: AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85AE7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://a6dc35606b2c6816e.awsglobalaccelerator.com
Source: AteraAgent.exe, 00000014.00000000.1363107154.00000282B3042000.00000002.00000001.01000000.00000010.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329A41000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80001000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://acontrol.atera.com/
Source: rundll32.exe, 00000008.00000002.1327694824.0000000004865000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A027000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329DE5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A0BC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005255000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.1574235267.000002069C8CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1571797704.000001DD47A8F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001E.00000002.1622260091.00000131ACE2F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACBD1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC61000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC0C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D423810000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.0000018792DEF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://agent-api.atera.com
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A0BC000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D423810000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://agentapigateway-us.centralus.cloudapp.azure.com
Source: rundll32.exe, 00000008.00000002.1327694824.0000000004865000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A027000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329DE5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005255000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.1574235267.000002069C8CF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1571797704.000001DD47A8F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001E.00000002.1622260091.00000131ACE2F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACBD1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC61000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC0C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.0000018792DEF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
Source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2190884933.000001B35B397000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://blob.ams08prdstr06a.store.core.windows.net
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.1582163267.00000206B4EEF000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.
Source: AteraAgent.exe, 00000015.00000002.1898386456.000002A342524000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCe
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2150679963.0000027DEC26C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6B9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80819000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D803D9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2155555456.0000027DEC617000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, CommunityToolkit.WinUI.Notifications.dll.36.dr, Pubnub.dll0.2.dr, Microsoft.Deployment.WindowsInstaller.dll.36.dr, System.Diagnostics.DiagnosticSource.dll.36.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D804D7000.00000004.00000800.00020000.00000000.sdmp, C56C4404C4DEF0DC88E5FCD9F09CB2F10.21.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD518000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1403578923.00000282B4E99000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD56E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD4D7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1897843477.000002A3421F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A342590000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A34254E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342563000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342524000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A1A6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80539000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6B9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80819000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80545000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80321000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD4D7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6B9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80819000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D803D9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85B85000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85B05000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2190884933.000001B35B3BD000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2190884933.000001B35B3B9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, CommunityToolkit.WinUI.Notifications.dll.36.dr String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1897843477.000002A3421F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342524000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1896332173.000002A342100000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342505000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.1582163267.00000206B4ECB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1577296513.000001DD60208000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001E.00000002.1619271430.00000131ACBC0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1802242322.00000248C5385000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2150679963.0000027DEC291000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6B9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80819000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
Source: AteraAgent.exe, 00000015.00000002.1898386456.000002A342524000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digl
Source: rundll32.exe, 00000008.00000003.1326647180.00000000072CC000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl.micros
Source: AteraAgent.exe, 00000015.00000002.1898386456.000002A342524000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digice
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2150679963.0000027DEC26C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6B9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80819000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D803D9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2155555456.0000027DEC617000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, CommunityToolkit.WinUI.Notifications.dll.36.dr, Pubnub.dll0.2.dr, Microsoft.Deployment.WindowsInstaller.dll.36.dr, System.Diagnostics.DiagnosticSource.dll.36.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD545000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD490000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD575000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1402227067.00000282B3184000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD518000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1403578923.00000282B4E99000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD56E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD4D7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329FBD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A141000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1897843477.000002A3421F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329DBE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A34254E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342563000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342524000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A1A6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80539000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD490000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl8
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD4D7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6B9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80819000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D803D9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85B85000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85B05000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2190884933.000001B35B3BD000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2190884933.000001B35B3B9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, CommunityToolkit.WinUI.Notifications.dll.36.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD518000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404747077.00000282CD7FC000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD575000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: System.Diagnostics.TextWriterTraceListener.dll.36.dr String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD490000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlL
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com/l
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD575000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlE773A8FDE8938C81DD40
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD575000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedRootG4.crlLtd
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD4D7000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD575000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329FBD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A141000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329DBE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80726000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D8058E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D804D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD518000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1403578923.00000282B4E99000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD56E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD4D7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1897843477.000002A3421F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A342590000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A34254E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342563000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342524000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A1A6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80539000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6B9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80819000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80545000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80321000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD490000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD575000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlBJv
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD575000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://crl4.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 00000015.00000002.1898386456.000002A342563000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: AteraAgent.exe, 00000015.00000002.1896332173.000002A342148000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A3424DB000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: AteraAgent.exe, 00000015.00000002.1878116692.000002A32918E000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab
Source: AteraAgent.exe, 00000015.00000002.1896332173.000002A3421CA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab(
Source: AteraAgent.exe, 00000015.00000002.1896332173.000002A342148000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?bfc690b
Source: AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85B29000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://d17kmd0va0f0mp.cloudfront.net
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329FBD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A0BC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D807EB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D8051E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://d25btwd9wax8gu.cloudfront.net
Source: AgentPackageAgentInformation.exe, 0000001A.00000000.1533103031.000002069BBD2000.00000002.00000001.01000000.00000018.sdmp, AgentPackageAgentInformation.exe.21.dr String found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe
Source: AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85B29000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://download.splashtop.com
Source: Newtonsoft.Json.dll.53.dr String found in binary or memory: http://james.newtonking.com/projects/json
Source: AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85AE7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://my.splashtop.com
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1720602037.000001D43BBD2000.00000002.00000001.01000000.00000025.sdmp, NLog.dll.36.dr String found in binary or memory: http://nlog-project.org/dummynamespace/
Source: NLog.dll.36.dr String found in binary or memory: http://nlog-project.org/ws/
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1720602037.000001D43BBD2000.00000002.00000001.01000000.00000025.sdmp, NLog.dll.36.dr String found in binary or memory: http://nlog-project.org/ws/3
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1720602037.000001D43BBD2000.00000002.00000001.01000000.00000025.sdmp, NLog.dll.36.dr String found in binary or memory: http://nlog-project.org/ws/5
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1720602037.000001D43BBD2000.00000002.00000001.01000000.00000025.sdmp, NLog.dll.36.dr String found in binary or memory: http://nlog-project.org/ws/ILogReceiverOneWayServer/ProcessLogMessages
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1720602037.000001D43BBD2000.00000002.00000001.01000000.00000025.sdmp, NLog.dll.36.dr String found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesResponsep
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1720602037.000001D43BBD2000.00000002.00000001.01000000.00000025.sdmp, NLog.dll.36.dr String found in binary or memory: http://nlog-project.org/ws/ILogReceiverServer/ProcessLogMessagesT
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1720602037.000001D43BBD2000.00000002.00000001.01000000.00000025.sdmp, NLog.dll.36.dr String found in binary or memory: http://nlog-project.org/ws/T
Source: AteraAgent.exe, 00000024.00000002.2155555456.0000027DEC66C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com
Source: AteraAgent.exe, 00000024.00000002.2155555456.0000027DEC66C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com-v
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com/
Source: AteraAgent.exe, 00000014.00000002.1404747077.00000282CD823000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404747077.00000282CD7E0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD490000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1402227067.00000282B3184000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD490000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1402227067.00000282B3184000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD518000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1403578923.00000282B4E99000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD56E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD4D7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329FBD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A141000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1897843477.000002A3421F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A342590000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329DBE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A34254E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342563000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342524000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A1A6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80539000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1897843477.000002A3421F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342524000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1896332173.000002A342100000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342505000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.1582163267.00000206B4EEF000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.1582163267.00000206B4ECB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1577296513.000001DD60208000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001E.00000002.1619271430.00000131ACBC0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1802242322.00000248C5385000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2150679963.0000027DEC291000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6B9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80819000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com0A
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2150679963.0000027DEC26C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6B9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80819000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D803D9000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2155555456.0000027DEC617000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, CommunityToolkit.WinUI.Notifications.dll.36.dr, Pubnub.dll0.2.dr, Microsoft.Deployment.WindowsInstaller.dll.36.dr, System.Diagnostics.DiagnosticSource.dll.36.dr String found in binary or memory: http://ocsp.digicert.com0C
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://ocsp.digicert.com0K
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://ocsp.digicert.com0N
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://ocsp.digicert.com0O
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD4D7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6B9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80819000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D803D9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85B85000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85B05000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2190884933.000001B35B3BD000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2190884933.000001B35B3B9000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, CommunityToolkit.WinUI.Notifications.dll.36.dr String found in binary or memory: http://ocsp.digicert.com0X
Source: AteraAgent.exe, 00000015.00000002.1896332173.000002A342148000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com1.3.6.1.5.5.7.48.2http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRS
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD518000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.com:80/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF
Source: AteraAgent.exe, 00000024.00000002.2155555456.0000027DEC66C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comUv
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD4FC000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crl
Source: AteraAgent.exe, 00000015.00000002.1898386456.000002A3424C0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2150679963.0000027DEC26C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
Source: AteraAgent.exe, 00000015.00000002.1898386456.000002A342505000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: AteraAgent.exe, 00000024.00000002.2155555456.0000027DEC66C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl7
Source: AteraAgent.exe, 00000024.00000002.2155555456.0000027DEC66C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comwvC
Source: AteraAgent.exe, 00000024.00000002.2155555456.0000027DEC66C000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://ocsp.digicert.comxvD
Source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2190884933.000001B35B397000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://packagesstore.blob.core.windows.net
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329FBD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A0BC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D807EB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80819000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D8051E000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ps.atera.com
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A0BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ps.atera.comO
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A130000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://ps.pndsn.com
Source: AteraAgent.exe, 00000014.00000002.1403578923.00000282B4E99000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org
Source: AteraAgent.exe, 00000014.00000002.1403578923.00000282B4E99000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: AteraAgent.exe, 00000014.00000002.1403578923.00000282B4E99000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1720602037.000001D43BBD2000.00000002.00000001.01000000.00000025.sdmp, NLog.dll.36.dr String found in binary or memory: http://schemas.xmlsoap.org/soap/envelope/
Source: rundll32.exe, 00000008.00000002.1327694824.0000000004844000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1327694824.00000000047A1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329A41000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005234000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005191000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.1574235267.000002069C85F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1571797704.000001DD479E3000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001E.00000002.1622260091.00000131ACDBF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC3F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACA11000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80001000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85A08000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.0000018792DAD000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2190884933.000001B35B261000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: svchost.exe, 0000000B.00000002.2503661287.000001FCAC287000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000000B.00000002.2504747776.000001FCACB02000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://standards.iso.org/iso/19770/-2/2009/schema.xsd
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: http://wixtoolset.org
Source: rundll32.exe, 00000005.00000003.1267628350.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000464A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.00000000041F4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.36.dr String found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
Source: rundll32.exe, 00000005.00000003.1267628350.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000464A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.00000000041F4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.36.dr String found in binary or memory: http://wixtoolset.org/news/
Source: rundll32.exe, 00000005.00000003.1267628350.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000464A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.00000000041F4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.36.dr String found in binary or memory: http://wixtoolset.org/releases/
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1695880267.000001D422D32000.00000002.00000001.01000000.00000021.sdmp String found in binary or memory: http://www.abit.com.tw/
Source: svchost.exe, 00000003.00000002.1365778651.000001ACC0413000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.bingmapsportal.com
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329FBD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A141000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329DBE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80726000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D8058E000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D804D7000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD518000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1403578923.00000282B4E99000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD56E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD4D7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1897843477.000002A3421F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A34254E000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342563000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1898386456.000002A342524000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A1A6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80539000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6B9000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80819000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPS0
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.digicert.com/CPSO
Source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://www.microsoft.cq
Source: AteraAgent.exe, 00000014.00000002.1403578923.00000282B4E99000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.w3.o
Source: AteraAgent.exe, 00000014.00000002.1403578923.00000282B4E99000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: http://www.w3.oh
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC3F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC86000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.P
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329DDF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.PR
Source: rundll32.exe, 00000008.00000002.1327694824.0000000004844000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005234000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.aterD
Source: rundll32.exe, 00000005.00000003.1267628350.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1327694824.0000000004844000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1327694824.00000000047A1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000464A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.00000000041F4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329A41000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005234000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005191000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.1574235267.000002069C85F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1571797704.000001DD479E3000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001E.00000002.1622260091.00000131ACDBF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACBD1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC3F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC0C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACA11000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D423803000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.0000018792DAD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com
Source: rundll32.exe, 00000005.00000003.1267628350.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1327694824.0000000004844000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1327694824.00000000047A1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000464A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.00000000041F4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005234000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005191000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001E.00000002.1619271430.00000131ACBC0000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC86000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/PrhP
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.1574235267.000002069C85F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1571797704.000001DD479E3000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001E.00000002.1622260091.00000131ACDBF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACBD1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC0C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.0000018792DAD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production
Source: rundll32.exe, 00000005.00000003.1267628350.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1327694824.0000000004844000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1327694824.00000000047A1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000464A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.00000000041F4000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A0BC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005234000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005191000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A0BC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/Acknowl
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329C7F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A0BC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/AcknowledgeCommands
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329DDF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/Age
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329AC8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.1574235267.000002069C85F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1571797704.000001DD479E3000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001E.00000002.1622260091.00000131ACDBF000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResult
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329A41000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329B29000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC3F000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/dynamic-fields/
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC3F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACA11000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/dynamic-fields/script-based
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC86000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/guiComm
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC86000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACAA3000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/guiCommandResult
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACBD1000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000022.00000002.1790807938.00000248ACC0C000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.0000018792DAD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/recurringCommandResult
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/thresholds/66902f0e-5571-47c0-8de5-86038d3e7b35
Source: rundll32.exe, 00000008.00000002.1327694824.0000000004844000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000002.1327694824.00000000047A1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005234000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005191000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event
Source: rundll32.exe, 00000008.00000002.1327694824.0000000004886000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1468699862.0000000005276000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event;
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.comO
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A0BC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://agent-api.atera.comh
Source: svchost.exe, 00000003.00000002.1365937440.000001ACC0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1365229631.000001ACC0457000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://appexmapsappupdate.blob.core.windows.net
Source: svchost.exe, 00000003.00000002.1365937440.000001ACC0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1365229631.000001ACC0457000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/V1/MapControlConfiguration/native/
Source: svchost.exe, 00000003.00000003.1364967037.000001ACC0462000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000003.00000002.1365937440.000001ACC0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1365229631.000001ACC0457000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/v1/Locations
Source: svchost.exe, 00000003.00000002.1366064915.000001ACC0468000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1364947300.000001ACC0467000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/v1/Routes/
Source: svchost.exe, 00000003.00000002.1366229085.000001ACC0481000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/REST/v1/Transit/Stops/
Source: svchost.exe, 00000003.00000002.1365937440.000001ACC0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1365229631.000001ACC0457000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.ditu.live.com/mapcontrol/logging.ashx
Source: svchost.exe, 00000003.00000002.1366029607.000001ACC0463000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1365868750.000001ACC043F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1365160170.000001ACC045A000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1364967037.000001ACC0462000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: svchost.exe, 00000003.00000002.1365937440.000001ACC0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1365229631.000001ACC0457000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Locations
Source: svchost.exe, 00000003.00000002.1365812001.000001ACC042B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1366064915.000001ACC0468000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1364947300.000001ACC0467000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/
Source: svchost.exe, 00000003.00000002.1365937440.000001ACC0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1365229631.000001ACC0457000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Driving
Source: svchost.exe, 00000003.00000002.1365937440.000001ACC0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1365229631.000001ACC0457000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Transit
Source: svchost.exe, 00000003.00000002.1365937440.000001ACC0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1365229631.000001ACC0457000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Routes/Walking
Source: svchost.exe, 00000003.00000002.1366029607.000001ACC0463000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1365868750.000001ACC043F000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1364967037.000001ACC0462000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Traffic/Incidents/
Source: svchost.exe, 00000003.00000002.1365868750.000001ACC043F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/REST/v1/Transit/Schedules/
Source: svchost.exe, 00000003.00000002.1365937440.000001ACC0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1365229631.000001ACC0457000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/mapcontrol/logging.ashx
Source: svchost.exe, 00000003.00000002.1366029607.000001ACC0463000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1364967037.000001ACC0462000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dev.virtualearth.net/webservices/v1/LoggingService/LoggingService.svc/Log?
Source: AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85B0D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://download.splashtop.com
Source: AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85B09000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85AE7000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85B0D000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://download.splashtop.com/csrs/Splashtop_Streamer_Win_DEPLOY_INSTALLER_v3.7.2.0.exe
Source: svchost.exe, 00000003.00000003.1365179336.000001ACC0449000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gd?pv=1&r=
Source: svchost.exe, 00000003.00000002.1365868750.000001ACC043F000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000003.00000002.1366029607.000001ACC0463000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1364967037.000001ACC0462000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000003.00000003.1365203560.000001ACC0443000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1365895662.000001ACC0444000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dynamic.api.tiles.ditu.live.com/odvs/gri?pv=1&r=
Source: svchost.exe, 00000003.00000003.1365179336.000001ACC0449000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dynamic.t
Source: svchost.exe, 00000003.00000002.1365937440.000001ACC0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1365229631.000001ACC0457000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://dynamic.t0.tiles.ditu.live.com/comp/gen.ashx
Source: svchost.exe, 00000003.00000002.1365812001.000001ACC042B000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1366064915.000001ACC0468000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1364947300.000001ACC0467000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://ecn.dev.virtualearth.net/REST/v1/Imagery/Copyright/
Source: CommunityToolkit.WinUI.Notifications.dll.36.dr String found in binary or memory: https://github.com/CommunityToolkit/WindowsCommunityToolkit
Source: CommunityToolkit.WinUI.Notifications.dll.36.dr String found in binary or memory: https://github.com/CommunityToolkit/WindowsCommunityToolkitP
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.1571556014.000002069C692000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2195827231.000001EE9E170000.00000002.00000001.01000000.00000030.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1721452869.000001D43BCB2000.00000002.00000001.01000000.00000026.sdmp, Newtonsoft.Json.dll1.36.dr, Newtonsoft.Json.dll.53.dr String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
Source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, System.Diagnostics.DiagnosticSource.dll.36.dr, System.ValueTuple.dll.53.dr, System.ValueTuple.dll.36.dr, System.ValueTuple.dll.2.dr String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
Source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, System.Diagnostics.DiagnosticSource.dll.36.dr, System.ValueTuple.dll.53.dr, System.ValueTuple.dll.36.dr, System.ValueTuple.dll.2.dr String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, System.Buffers.dll.21.dr String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, System.Buffers.dll.21.dr String found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
Source: AteraAgent.exe, 00000015.00000002.1901558159.000002A3428C2000.00000002.00000001.01000000.00000028.sdmp String found in binary or memory: https://github.com/icsharpcode/SharpZipLib
Source: AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85AE2000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85A08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://my.splashtop.com
Source: AgentPackageSTRemote.exe, 0000002A.00000000.1610870120.000001EE85032000.00000002.00000001.01000000.0000001C.sdmp String found in binary or memory: https://my.splashtop.com/csrs/win
Source: NLog.dll.36.dr String found in binary or memory: https://nlog-project.org/
Source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2190884933.000001B35B377000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://packagesstore.blob.core.windows.net
Source: AgentPackageUpgradeAgent.exe, 00000035.00000000.1930927486.000001B35A972000.00000002.00000001.01000000.00000029.sdmp, AgentPackageUpgradeAgent.exe.36.dr String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Agents/Mac/
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/BitDefender/rmm.zip
Source: AgentPackageUpgradeAgent.exe, 00000035.00000000.1930927486.000001B35A972000.00000002.00000001.01000000.00000029.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2190884933.000001B35B377000.00000004.00000800.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe.36.dr String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric
Source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2190884933.000001B35B377000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric/MSI/1.8.7.2/Setupx64.msi
Source: AgentPackageUpgradeAgent.exe, 00000035.00000000.1930927486.000001B35A972000.00000002.00000001.01000000.00000029.sdmp, AgentPackageUpgradeAgent.exe.36.dr String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric/MacAgent/1.0/AteraAgentInstaller.pkgA/
Source: AgentPackageUpgradeAgent.exe, 00000035.00000000.1930927486.000001B35A972000.00000002.00000001.01000000.00000029.sdmp, AgentPackageUpgradeAgent.exe.36.dr String found in binary or memory: https://packagesstore.blob.core.windows.net/installers/Fabric5Get
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D807EB000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.ateH
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.ateHH
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.ateHR;
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E5000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.ateHhh
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329C7F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/a
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/ag
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329E0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.12/AgentPackage
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329E0C000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.12/AgentPackageA
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.12/AgentPackageAO
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.12/AgentPackageAgentI
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageMonitoring/0.40/AgentPackageMonitoring.z
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageSTRemote/2.3/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329EA8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageSTRemote/2.3/AgentPackageSTRemote.ziph
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.16/Agent.Package.Availability.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D800CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/37.7/AgentPackageAgentInformation
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageHeartbeat/17.11/AgentPackageHeartbeat.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B82000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageInternalPoller/13.0/AgentPackageInternalPoller.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/36.9/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageMonitoring/36.9/AgentPackageMonitoring.ziph
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D800CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscovery
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B82000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageOsUpdates/19.4/AgentPackageOsUpdates.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B82000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageProgramManagement/24.9/AgentPackageProgramManageme
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D800CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329EA8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSTRemote/23.4/AgentPackageSTRemote.ziph
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageSystemTools/26.6/AgentPackageSystemTools.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D800CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTicketing/13.0/AgentPackageTicketing.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageUpgradeAgent/27.1/AgentPackageUpgradeAgent.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.z
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D800CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip?6aIkQo
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageADRemote/6.0/AgentPackageADRemote.zip?6aIkQoLIi1
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/37.7/AgentPackageAgentInformati
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80560000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zip?6aIkQo
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageHeartbeat/17.14/AgentPackageHeartbeat.zipO
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageInternalPoller/23.8/AgentPackageInternalPoller.z
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMarketplace/1.6/AgentPackageMarketplace.zip?6aIk
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A0BC000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/36.9/AgentPackageMoni
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/36.9/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A0BC000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/36.9/AgentPackageMonitoring.zip?6aIkQ
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/36.9/AgentPackageMonitoring.zipO
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageMonitoring/36.9/AgentPackageMonitoring.ziph
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D800CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscove
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B82000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/19.4/AgentPackageOsUpdates.zip
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageOsUpdates/19.4/AgentPackageOsUpdates.zip?6aIkQoL
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageProgramManagement/24.9/AgentPackageProgramManage
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageRuntimeInstaller/1.6/AgentPackageRuntimeInstalle
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.zip?6aIkQoLIi
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329EA8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSTRemote/23.4/AgentPackageSTRemote.ziph
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/26.8/AgentPackageSystemTools.zip
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D804E1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80232000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageSystemTools/26.8/AgentPackageSystemTools.zip?6aI
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D800CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTicketing/29.2/AgentPackageTicketing.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/27.2/AgentPackageUpgradeAgent.zip
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageUpgradeAgent/27.2/AgentPackageUpgradeAgent.zip?6
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageWindowsUpdate/24.6/AgentPackageWindowsUpdate.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D800CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageADRemote/1.2/AgentPackageADRemote.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformation
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329B82000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageHeartbeat/16.9
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageHeartbeat/16.9/AgentPackageHeartbeat.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B82000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageInternalPoller/15.9/AgentPackageInternalPoller.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageMarketplace/13.0/AgentPackageMarketplace.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageMonitoring/22.0/AgentPackageMonitori8
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageMonitoring/22.0/AgentPackageMonitoring.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageNetworkDiscovery/15.0/AgentPackageNetworkDiscovery
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B82000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageOsUpdates/1.0/AgentPackageOsUpdates.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B82000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageProgramManagement/15.5/AgentPackageProgramManageme
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D800CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329E97000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageSTRemote/16.0/Agen
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageSTRemote/16.0/AgentPackageSTRemote.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageSystemTools/18.9/AgentPackageSystemTools.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329B21000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D800CD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTaskScheduler/13.1/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTicketing/18.9/AgentPackageTicketing.zip
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageUpgradeAgent/22.1/AgentPackageUpgradeAge
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageWindowsUpdate/18.3/AgentPackageWindowsUpdate.zip
Source: AgentPackageSTRemote.exe, 0000002A.00000002.2174501497.000001EE85A08000.00000004.00000800.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002A.00000000.1610870120.000001EE85032000.00000002.00000001.01000000.0000001C.sdmp String found in binary or memory: https://ps.atera.com/installers/splashtop/win/SplashtopStreamer.exe
Source: AgentPackageSTRemote.exe, 0000002A.00000000.1610870120.000001EE85032000.00000002.00000001.01000000.0000001C.sdmp String found in binary or memory: https://ps.atera.com/installers/splashtop/win/SplashtopStreamer.exepUsers/Shared/Splashtop
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329E61000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329FBD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A130000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A136000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329E61000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329FBD000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A130000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A136000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329AC8000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D800DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A130000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=220604ff-7d82-4400-81a1-a9e4ac59a4ab
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a2a50c3f-9485-47a0-8a43-5c1c86bbb401
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329AC8000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=a59c9018-5d76-42b0-adb5-5e60d00da0f5
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ab049951-757a-48f1-8723-61b58ab127f5
Source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D800DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c0f6c0b0-dc8d-4d9d-a87f-1136ef0d8d0b
Source: AteraAgent.exe, 00000015.00000002.1880894733.000002A329E0C000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2088334568.0000027D800DD000.00000004.00000800.00020000.00000000.sdmp String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/66902f0e-5571-47c0-8de5
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1719872483.000001D43BAF2000.00000002.00000001.01000000.00000024.sdmp, System.Data.SQLite.dll.36.dr String found in binary or memory: https://system.data.sqlite.org/
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1720464714.000001D43BB54000.00000002.00000001.01000000.00000024.sdmp, System.Data.SQLite.dll.36.dr String found in binary or memory: https://system.data.sqlite.org/X
Source: svchost.exe, 00000003.00000003.1365256110.000001ACC0431000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1365841926.000001ACC0433000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ss
Source: svchost.exe, 00000003.00000003.1365256110.000001ACC0431000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1365841926.000001ACC0433000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.
Source: svchost.exe, 00000003.00000003.1365203560.000001ACC0443000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/comp/gen.ashx
Source: svchost.exe, 00000003.00000003.1365256110.000001ACC0431000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000002.1365841926.000001ACC0433000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs
Source: svchost.exe, 00000003.00000003.1365179336.000001ACC0449000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gd?pv=1&r=
Source: svchost.exe, 00000003.00000003.1365179336.000001ACC0449000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdi?pv=1&r=
Source: svchost.exe, 00000003.00000003.1365086679.000001ACC045D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gdv?pv=1&r=
Source: svchost.exe, 00000003.00000002.1365812001.000001ACC042B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.dynamic.tiles.virtualearth.net/odvs/gri?pv=1&r=
Source: svchost.exe, 00000003.00000002.1365937440.000001ACC0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1365229631.000001ACC0457000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://t0.ssl.ak.tiles.virtualearth.net/tiles/gen
Source: svchost.exe, 00000003.00000002.1365937440.000001ACC0458000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 00000003.00000003.1365229631.000001ACC0457000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://tiles.virtualearth.net/tiles/cmd/StreetSideBubbleMetaData?north=
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1719872483.000001D43BAF2000.00000002.00000001.01000000.00000024.sdmp String found in binary or memory: https://urn.to/r/sds_see
Source: System.Data.SQLite.dll.36.dr String found in binary or memory: https://urn.to/r/sds_see12https://urn.to/r/sds_see2
Source: System.Data.SQLite.dll.36.dr String found in binary or memory: https://urn.to/r/sds_see23https://urn.to/r/sds_see1UInnerVerify
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr String found in binary or memory: https://www.digicert.com/CPS0
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://www.newtonsoft.com/json
Source: Newtonsoft.Json.dll.53.dr String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1720602037.000001D43BBD2000.00000002.00000001.01000000.00000025.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1721379810.000001D43BCA8000.00000002.00000001.01000000.00000025.sdmp, NLog.dll.36.dr String found in binary or memory: https://www.nuget.org/packages/NLog.Web.AspNetCore
Source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.1571556014.000002069C692000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2195827231.000001EE9E170000.00000002.00000001.01000000.00000030.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1721452869.000001D43BCB2000.00000002.00000001.01000000.00000026.sdmp, Newtonsoft.Json.dll1.36.dr, Newtonsoft.Json.dll.53.dr String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
Source: AgentPackageMonitoring.exe String found in binary or memory: https://www.sqlite.org/copyright.html
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1736500188.00007FFB036F4000.00000002.00000001.01000000.0000001E.sdmp String found in binary or memory: https://www.sqlite.org/copyright.html2
Drops certificate files (DER)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1 Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944 Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141 Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4 Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands
barindex
Reads the Security eventlog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Reads the System eventlog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AlphaAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Creates files inside the system directory
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3dfa45.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFBAD.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI16A.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI14C4.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45} Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI18BD.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI18BE.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI191D.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1A18.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3dfa47.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3dfa47.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI330F.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3dfa48.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1FA3.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI21B7.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI294A.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2F94.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2FA5.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3071.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI30EF.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4} Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4F07.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4F08.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5003.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI50FE.tmp Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3dfa54.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\3dfa54.msi Jump to behavior
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI57D5.tmp Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp- Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp-\AlphaControlAgentInstallation.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp-\Newtonsoft.Json.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp-\System.Management.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp-\CustomAction.config Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp- Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp-\AlphaControlAgentInstallation.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp-\Newtonsoft.Json.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp-\System.Management.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp-\CustomAction.config Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp- Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp-\AlphaControlAgentInstallation.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp-\Newtonsoft.Json.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp-\System.Management.dll Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp-\CustomAction.config Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-\AlphaControlAgentInstallation.dll
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-\Newtonsoft.Json.dll
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-\System.Management.dll
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-\CustomAction.config
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageSTRemote.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageMonitoring.exe.log
Deletes files inside the Windows folder
Source: C:\Windows\System32\msiexec.exe File deleted: C:\Windows\Installer\MSIFBAD.tmp Jump to behavior
Detected potential crypto function
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06D50040 8_3_06D50040
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 13_3_044150B8 13_3_044150B8
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 13_3_044159A8 13_3_044159A8
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 13_3_04414D68 13_3_04414D68
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 20_2_00007FFAAC75C922 20_2_00007FFAAC75C922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 20_2_00007FFAAC75BB76 20_2_00007FFAAC75BB76
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC791CE0 21_2_00007FFAAC791CE0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC79C910 21_2_00007FFAAC79C910
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC7A1B54 21_2_00007FFAAC7A1B54
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC79CF58 21_2_00007FFAAC79CF58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC79900E 21_2_00007FFAAC79900E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC789AF2 21_2_00007FFAAC789AF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC99E2C1 21_2_00007FFAAC99E2C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC994330 21_2_00007FFAAC994330
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC999453 21_2_00007FFAAC999453
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC99AC97 21_2_00007FFAAC99AC97
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC9A0F51 21_2_00007FFAAC9A0F51
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC9A1080 21_2_00007FFAAC9A1080
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC9A1090 21_2_00007FFAAC9A1090
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC9A0FD3 21_2_00007FFAAC9A0FD3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC9A0FFA 21_2_00007FFAAC9A0FFA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC9A1130 21_2_00007FFAAC9A1130
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC9A1200 21_2_00007FFAAC9A1200
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC780C58 21_2_00007FFAAC780C58
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 24_3_075B0040 24_3_075B0040
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 26_2_00007FFAAC788682 26_2_00007FFAAC788682
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 26_2_00007FFAAC79100A 26_2_00007FFAAC79100A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 26_2_00007FFAAC7878D6 26_2_00007FFAAC7878D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 26_2_00007FFAAC78FA94 26_2_00007FFAAC78FA94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 26_2_00007FFAAC7A047D 26_2_00007FFAAC7A047D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 26_2_00007FFAAC78BDB0 26_2_00007FFAAC78BDB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 26_2_00007FFAAC7910C0 26_2_00007FFAAC7910C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 26_2_00007FFAAC7812FA 26_2_00007FFAAC7812FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 28_2_00007FFAAC768682 28_2_00007FFAAC768682
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 28_2_00007FFAAC77108C 28_2_00007FFAAC77108C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 28_2_00007FFAAC761828 28_2_00007FFAAC761828
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 28_2_00007FFAAC7678D6 28_2_00007FFAAC7678D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 28_2_00007FFAAC76FA94 28_2_00007FFAAC76FA94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 28_2_00007FFAAC78047D 28_2_00007FFAAC78047D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 28_2_00007FFAAC76BDB0 28_2_00007FFAAC76BDB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 28_2_00007FFAAC7710C0 28_2_00007FFAAC7710C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 28_2_00007FFAAC7612FB 28_2_00007FFAAC7612FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC7728D0 30_2_00007FFAAC7728D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC76FA94 30_2_00007FFAAC76FA94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC77529D 30_2_00007FFAAC77529D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC76C798 30_2_00007FFAAC76C798
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC78047D 30_2_00007FFAAC78047D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC77108C 30_2_00007FFAAC77108C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC77AFF2 30_2_00007FFAAC77AFF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC77DD84 30_2_00007FFAAC77DD84
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC76BDB0 30_2_00007FFAAC76BDB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC7710C0 30_2_00007FFAAC7710C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC7755D9 30_2_00007FFAAC7755D9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC77DDFA 30_2_00007FFAAC77DDFA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC7678D6 30_2_00007FFAAC7678D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC768682 30_2_00007FFAAC768682
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC761828 30_2_00007FFAAC761828
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC76969D 30_2_00007FFAAC76969D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC7635DD 30_2_00007FFAAC7635DD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC7612FB 30_2_00007FFAAC7612FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC76246B 30_2_00007FFAAC76246B
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 32_2_00007FFAAC751828 32_2_00007FFAAC751828
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 32_2_00007FFAAC7512FB 32_2_00007FFAAC7512FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 34_2_00007FFAAC79977E 34_2_00007FFAAC79977E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 34_2_00007FFAAC7989CE 34_2_00007FFAAC7989CE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 34_2_00007FFAAC7912FB 34_2_00007FFAAC7912FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 34_2_00007FFAAC79C47F 34_2_00007FFAAC79C47F
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 34_2_00007FFAAC790730 34_2_00007FFAAC790730
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 34_2_00007FFAAC7B00B8 34_2_00007FFAAC7B00B8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 34_2_00007FFAAC7AD370 34_2_00007FFAAC7AD370
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 34_2_00007FFAAC7A5B31 34_2_00007FFAAC7A5B31
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 34_2_00007FFAAC793BF3 34_2_00007FFAAC793BF3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC79CD90 36_2_00007FFAAC79CD90
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC7A3CE0 36_2_00007FFAAC7A3CE0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC79CEB0 36_2_00007FFAAC79CEB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC791DC8 36_2_00007FFAAC791DC8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC7A2063 36_2_00007FFAAC7A2063
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC791A8B 36_2_00007FFAAC791A8B
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC791AB8 36_2_00007FFAAC791AB8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC799446 36_2_00007FFAAC799446
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC79D3D8 36_2_00007FFAAC79D3D8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC999E9D 36_2_00007FFAAC999E9D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC9AB719 36_2_00007FFAAC9AB719
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC9A87D3 36_2_00007FFAAC9A87D3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC9AD151 36_2_00007FFAAC9AD151
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC9A126E 36_2_00007FFAAC9A126E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC9A92D0 36_2_00007FFAAC9A92D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC9A73D7 36_2_00007FFAAC9A73D7
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC9A8728 36_2_00007FFAAC9A8728
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC99AF2D 36_2_00007FFAAC99AF2D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC996950 36_2_00007FFAAC996950
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC9A99D1 36_2_00007FFAAC9A99D1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC9993F2 36_2_00007FFAAC9993F2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC780C58 36_2_00007FFAAC780C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Code function: 42_2_00007FFAAC7915FD 42_2_00007FFAAC7915FD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Code function: 42_2_00007FFAAC796F59 42_2_00007FFAAC796F59
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Code function: 42_2_00007FFAAC7952FA 42_2_00007FFAAC7952FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Code function: 42_2_00007FFAAC798476 42_2_00007FFAAC798476
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB036901E0 45_2_00007FFB036901E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB036820E0 45_2_00007FFB036820E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03686960 45_2_00007FFB03686960
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035DB880 45_2_00007FFB035DB880
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03618310 45_2_00007FFB03618310
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03572310 45_2_00007FFB03572310
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035FA2F0 45_2_00007FFB035FA2F0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035F22B0 45_2_00007FFB035F22B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03570330 45_2_00007FFB03570330
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035C2240 45_2_00007FFB035C2240
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0360C220 45_2_00007FFB0360C220
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035DC110 45_2_00007FFB035DC110
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035EA0C0 45_2_00007FFB035EA0C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035F40A0 45_2_00007FFB035F40A0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0355E80C 45_2_00007FFB0355E80C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035EA7E0 45_2_00007FFB035EA7E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03568860 45_2_00007FFB03568860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03616860 45_2_00007FFB03616860
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0356E720 45_2_00007FFB0356E720
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03562738 45_2_00007FFB03562738
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035D0600 45_2_00007FFB035D0600
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB036705D0 45_2_00007FFB036705D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0360A5D0 45_2_00007FFB0360A5D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035585D4 45_2_00007FFB035585D4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0368E5B0 45_2_00007FFB0368E5B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0368C680 45_2_00007FFB0368C680
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035A0510 45_2_00007FFB035A0510
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035644DC 45_2_00007FFB035644DC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035B64A0 45_2_00007FFB035B64A0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0360E590 45_2_00007FFB0360E590
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03636590 45_2_00007FFB03636590
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035D4550 45_2_00007FFB035D4550
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0355A524 45_2_00007FFB0355A524
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035FCC00 45_2_00007FFB035FCC00
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03684C80 45_2_00007FFB03684C80
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0363AB00 45_2_00007FFB0363AB00
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035A8B90 45_2_00007FFB035A8B90
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035CCB50 45_2_00007FFB035CCB50
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03576A80 45_2_00007FFB03576A80
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0361AA70 45_2_00007FFB0361AA70
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03598A60 45_2_00007FFB03598A60
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03558A3C 45_2_00007FFB03558A3C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03646910 45_2_00007FFB03646910
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035528C0 45_2_00007FFB035528C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035A88A0 45_2_00007FFB035A88A0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035AE990 45_2_00007FFB035AE990
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035EEFD0 45_2_00007FFB035EEFD0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0359AFB0 45_2_00007FFB0359AFB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03599020 45_2_00007FFB03599020
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0355CEA8 45_2_00007FFB0355CEA8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03562F8C 45_2_00007FFB03562F8C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03554DB4 45_2_00007FFB03554DB4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0357CE70 45_2_00007FFB0357CE70
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035B0E30 45_2_00007FFB035B0E30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035C4D00 45_2_00007FFB035C4D00
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03566CC0 45_2_00007FFB03566CC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0359ACD0 45_2_00007FFB0359ACD0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0368CD60 45_2_00007FFB0368CD60
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035D6D20 45_2_00007FFB035D6D20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB036A0D30 45_2_00007FFB036A0D30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03618D20 45_2_00007FFB03618D20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0362F3E0 45_2_00007FFB0362F3E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035793D0 45_2_00007FFB035793D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03553474 45_2_00007FFB03553474
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035EB370 45_2_00007FFB035EB370
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0355F340 45_2_00007FFB0355F340
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035ED350 45_2_00007FFB035ED350
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03663200 45_2_00007FFB03663200
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035511B0 45_2_00007FFB035511B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035BF1B0 45_2_00007FFB035BF1B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0355D284 45_2_00007FFB0355D284
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035CF220 45_2_00007FFB035CF220
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB036850F0 45_2_00007FFB036850F0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035E9170 45_2_00007FFB035E9170
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB036A1840 45_2_00007FFB036A1840
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0356D830 45_2_00007FFB0356D830
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035C36E0 45_2_00007FFB035C36E0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB036456D0 45_2_00007FFB036456D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0369F790 45_2_00007FFB0369F790
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035AF780 45_2_00007FFB035AF780
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0359D770 45_2_00007FFB0359D770
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035F7720 45_2_00007FFB035F7720
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035F1690 45_2_00007FFB035F1690
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03565640 45_2_00007FFB03565640
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035BB647 45_2_00007FFB035BB647
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0359F630 45_2_00007FFB0359F630
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0355D634 45_2_00007FFB0355D634
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035574B0 45_2_00007FFB035574B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0355955C 45_2_00007FFB0355955C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0357BBE0 45_2_00007FFB0357BBE0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03599BA0 45_2_00007FFB03599BA0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03693C20 45_2_00007FFB03693C20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035F3AF0 45_2_00007FFB035F3AF0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03585AD0 45_2_00007FFB03585AD0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0363DB80 45_2_00007FFB0363DB80
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035B7B30 45_2_00007FFB035B7B30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035BB9F0 45_2_00007FFB035BB9F0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03607A60 45_2_00007FFB03607A60
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03589A60 45_2_00007FFB03589A60
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0357D910 45_2_00007FFB0357D910
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035B18DA 45_2_00007FFB035B18DA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035AFEF0 45_2_00007FFB035AFEF0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03557EC0 45_2_00007FFB03557EC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035EFED0 45_2_00007FFB035EFED0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03605EA0 45_2_00007FFB03605EA0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035F7EA0 45_2_00007FFB035F7EA0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035D3EB0 45_2_00007FFB035D3EB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035E5F20 45_2_00007FFB035E5F20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03567F30 45_2_00007FFB03567F30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03589F30 45_2_00007FFB03589F30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03583E10 45_2_00007FFB03583E10
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03597E70 45_2_00007FFB03597E70
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03565E50 45_2_00007FFB03565E50
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03599CF0 45_2_00007FFB03599CF0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0363BCD0 45_2_00007FFB0363BCD0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0362DCC0 45_2_00007FFB0362DCC0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03627D20 45_2_00007FFB03627D20
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAAC7A0FD5 45_2_00007FFAAC7A0FD5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAAC79BD51 45_2_00007FFAAC79BD51
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAAC9BACF8 45_2_00007FFAAC9BACF8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACAC4557 45_2_00007FFAACAC4557
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACB04DA0 45_2_00007FFAACB04DA0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACAB403D 45_2_00007FFAACAB403D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACAC1037 45_2_00007FFAACAC1037
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACAC58E7 45_2_00007FFAACAC58E7
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACAF5138 45_2_00007FFAACAF5138
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACAC0B88 45_2_00007FFAACAC0B88
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACAB2AD3 45_2_00007FFAACAB2AD3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACAC644D 45_2_00007FFAACAC644D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACAC34B1 45_2_00007FFAACAC34B1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACAC46A7 45_2_00007FFAACAC46A7
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACAF1F88 45_2_00007FFAACAF1F88
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACAC1069 45_2_00007FFAACAC1069
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAACABA8FC 45_2_00007FFAACABA8FC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFAAC79CC7B 45_2_00007FFAAC79CC7B
Found potential string decryption / allocating functions
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: String function: 00007FFB036A1D30 appears 114 times
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: String function: 00007FFB036A1B70 appears 102 times
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: String function: 00007FFB036A06B0 appears 145 times
Sample file is different than original file name gathered from version info
Source: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi Binary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi
Source: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi Binary or memory string: OriginalFilenameSfxCA.dll\ vs SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi
Source: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi Binary or memory string: OriginalFilenamewixca.dll\ vs SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi
Source: ICSharpCode.SharpZipLib.dll.2.dr, InflaterInputBuffer.cs Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.2.dr, DeflaterOutputStream.cs Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.2.dr, ZipAESTransform.cs Cryptographic APIs: 'TransformBlock'
Source: AteraAgent.exe.2.dr, SignatureValidator.cs Base64 encoded string: 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YmxeR/2wifvwd/MQXb/5tsLsvlMs50tmraklX8MKsU1EgEpRZ+W0Ro1ZHoLhQG53oq9hPz9bmJge78yZr6l1QJWz6wCj+yQUxM5f0gt4fHEf2yA94Tklnds7JPr2vQRb5rjAnxnt7722oWFc1bxFFsIcIhOI/EHYCE0qSPE1pKMXALkHZYoDQEFUu3YgEc0Oo7ClJNFrB75g6tVZRqGKxVvYQBb9zKDxhBRnDkhZuB7D1gRaR9PNwCr7tVtPt40c+CCf5ktUkeu4JzaiEipWvKYgRvotqsFtZF5uFso2UmdvxO+lIw9i/GPDfgS4JhKu/Y9lCuaan+xEluhSK0vpQIDAQAB'
Source: AteraAgent.exe0.2.dr, SignatureValidator.cs Base64 encoded string: 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YmxeR/2wifvwd/MQXb/5tsLsvlMs50tmraklX8MKsU1EgEpRZ+W0Ro1ZHoLhQG53oq9hPz9bmJge78yZr6l1QJWz6wCj+yQUxM5f0gt4fHEf2yA94Tklnds7JPr2vQRb5rjAnxnt7722oWFc1bxFFsIcIhOI/EHYCE0qSPE1pKMXALkHZYoDQEFUu3YgEc0Oo7ClJNFrB75g6tVZRqGKxVvYQBb9zKDxhBRnDkhZuB7D1gRaR9PNwCr7tVtPt40c+CCf5ktUkeu4JzaiEipWvKYgRvotqsFtZF5uFso2UmdvxO+lIw9i/GPDfgS4JhKu/Y9lCuaan+xEluhSK0vpQIDAQAB'
Source: classification engine Classification label: mal100.troj.spyw.evad.winMSI@92/410@0/12
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log Jump to behavior
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:1652:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:2020:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:1964:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Mutant created: NULL
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1528:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:6472:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:6068:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:1624:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:3576:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3800:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:5580:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:4332:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:6476:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:344:120:WilError_03
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:3672:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe Mutant created: \BaseNamedObjects\Local\SM0:7152:120:WilError_03
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\TEMP\~DF946B63CA5CEB85FD.TMP Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\SysWOW64\taskkill.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;AteraAgent.exe&quot;)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
Source: C:\Windows\System32\msiexec.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIFBAD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4062296 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: SELECT Identifier, Severity, Timestamp FROM ThresholdDuration WHERE Identifier = @id;kDELETE FROM ThresholdDuration WHERE Identifier = @id;
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: INSERT INTO [AlertsSent] (Timestamp, Alerts) VALUES (@timestamp, @alerts);kExecuteScriptAsync SystemTools Start scriptGuid : {0}Wrunscriptguid {0} 10 W10= disableSendResultC{0} {1} {2} {3} or8ixLi90Mf "{4}"
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: INSERT INTO ThresholdDuration (Identifier,Severity,Timestamp) Values (@identifier, @severity, @timestamp) ON CONFLICT (Identifier) DO UPDATE SET Severity = excluded.Severity, Timestamp = excluded.Timestamp;
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS AlertedEvents_V2 (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL, LogName TEXT NOT NULL, Severity INTEGER NOT NULL, RecordId BIGINT NOT NULL, EventId BIGINT NOT NULL, Source TEXT NOT NULL, Message TEXT NULL); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_Timestamp ON AlertedEvents_V2 (Timestamp); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_LogName ON AlertedEvents_V2 (LogName);
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS StatisticsSendTime (Id INTEGER PRIMARY KEY,Timestamp BIGINT NOT NULL);
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: INSERT INTO Statistics(Name, Timestamp, Value) Values (@name, @timestamp, @value);%StatisticsSendTime
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS Statistics (Id INTEGER PRIMARY KEY,Name TEXT NOT NULL,Timestamp BIGINT NOT NULL,Value TEXT NOT NULL);@
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdDuration (Id INTEGER PRIMARY KEY,Identifier TEXT NOT NULL,Severity TEXT NOT NULL,Timestamp BIGINT NOT NULL); CREATE UNIQUE INDEX IF NOT EXISTS idx_ThresholdDuration_Identifier ON ThresholdDuration (Identifier);
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 0000002D.00000002.1736042091.00007FFB036AA000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdsProfiles (Id INTEGER NOT NULL PRIMARY KEY,IsActive BOOLEAN NOT NULL,Timestamp BIGINT NOT NULL,Name TEXT NOT NULL,Thresholds TEXT NOT NULL); CREATE INDEX IF NOT EXISTS idx_ThresholdsProfiles_Timestamp ON ThresholdsProfiles (Timestamp);@
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS Stub (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL);
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1722197586.000001D43C915000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS Statistics (Id INTEGER PRIMARY KEY,Name TEXT NOT NULL,Timestamp BIGINT NOT NULL,Value TEXT NOT NULL);
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS AlertedEvents_V2 (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL, LogName TEXT NOT NULL, Severity INTEGER NOT NULL, RecordId BIGINT NOT NULL, EventId BIGINT NOT NULL, Source TEXT NOT NULL, Message TEXT NULL); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_Timestamp ON AlertedEvents_V2 (Timestamp); CREATE INDEX IF NOT EXISTS idx_AlertedEvents_V2_LogName ON AlertedEvents_V2 (LogName);@
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdsProfiles (Id INTEGER NOT NULL PRIMARY KEY,IsActive BOOLEAN NOT NULL,Timestamp BIGINT NOT NULL,Name TEXT NOT NULL,Thresholds TEXT NOT NULL);
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1736042091.00007FFB036AA000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 0000002D.00000002.1736042091.00007FFB036AA000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: SELECT Timestamp FROM StatisticsSendTime ORDER BY Timestamp DESC LIMIT 1;
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS [AlertsSent] (Id INTEGER NOT NULL PRIMARY KEY, Timestamp BIGINT NOT NULL, Alerts TEXT NOT NULL);sSELECT MAX([Timestamp]) AS [TimeStamp] FROM [AlertsSent];
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 0000002D.00000002.1736042091.00007FFB036AA000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 0000002D.00000002.1736042091.00007FFB036AA000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdDuration (Id INTEGER PRIMARY KEY,Identifier TEXT NOT NULL,Severity TEXT NOT NULL,Timestamp BIGINT NOT NULL); CREATE UNIQUE INDEX IF NOT EXISTS idx_ThresholdDuration_Identifier ON ThresholdDuration (Identifier);@
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: SELECT [Id], [Alerts], [Timestamp] FROM [AlertsSent] ORDER BY [Timestamp] DESC LIMIT 1;
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS Statistics (Id INTEGER PRIMARY KEY,Name TEXT NOT NULL,Timestamp BIGINT NOT NULL,Value TEXT NOT NULL);/DELETE FROM Statistics;eSELECT Id, Name, Timestamp, Value FROM Statistics;
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1722197586.000001D43C915000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS [AlertsSent] (Id INTEGER NOT NULL PRIMARY KEY, Timestamp BIGINT NOT NULL, Alerts TEXT NOT NULL);
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 0000002D.00000002.1736042091.00007FFB036AA000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdsProfiles (Id INTEGER NOT NULL PRIMARY KEY,IsActive BOOLEAN NOT NULL,Timestamp BIGINT NOT NULL,Name TEXT NOT NULL,Thresholds TEXT NOT NULL); CREATE INDEX IF NOT EXISTS idx_ThresholdsProfiles_Timestamp ON ThresholdsProfiles (Timestamp);
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS ThresholdDuration (Id INTEGER PRIMARY KEY,Identifier TEXT NOT NULL,Severity TEXT NOT NULL,Timestamp BIGINT NOT NULL);
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: CREATE TABLE IF NOT EXISTS AlertedEvents_V2 (Id INTEGER PRIMARY KEY, Timestamp BIGINT NOT NULL, LogName TEXT NOT NULL, Severity INTEGER NOT NULL, RecordId BIGINT NOT NULL, EventId BIGINT NOT NULL, Source TEXT NOT NULL, Message TEXT NULL);
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D423841000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO ThresholdsProfiles (IsActive,Timestamp,Name,Thresholds) Values (@isActive,@timestamp,@name,@thresholds); DELETE FROM ThresholdsProfiles WHERE Timestamp < @timeToDelete;
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D423841000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: INSERT INTO ThresholdsProfiles (IsActive,Timestamp,Name,Thresholds) Values (@isActive,@timestamp,@name,@thresholds); DELETE FROM ThresholdsProfiles WHERE Timestamp < @timeToDelete;@
Source: AgentPackageMonitoring.exe, AgentPackageMonitoring.exe, 0000002D.00000002.1736042091.00007FFB036AA000.00000002.00000001.01000000.0000001E.sdmp Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: select Name from Win32_PerfFormattedData_Tcpip_NetworkInterface!DataStatsEnabled9InboundBandwidthStatsEnabled;OutboundBandwidthStatsEnabled
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp Binary or memory string: SELECT Id, IsActive, Timestamp, Name, Thresholds FROM ThresholdsProfiles ORDER BY Timestamp DESC LIMIT 1;
Source: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi Static file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
Source: unknown Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi"
Source: unknown Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k NetworkService -p
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B5D92016C39FF7678052452FC1E699E8
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIFBAD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4062296 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: unknown Process created: C:\Windows\System32\SgrmBroker.exe C:\Windows\system32\SgrmBroker.exe
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k UnistackSvcGroup
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI16A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4063718 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s StorSvc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted -p -s wscsvc
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k wsappx -p -s ClipSVC
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe -k LocalService -s W32Time
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI14C4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4068578 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding FE293C9828EFC6E5D88E7F26AF6615E9 E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
Source: C:\Windows\SysWOW64\taskkill.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="ilpilarsaomateus@gmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Lu4JQIAZ" /AgentId="66902f0e-5571-47c0-8de5-86038d3e7b35"
Source: unknown Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Windows\System32\sc.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI330F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4076312 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "a7726a3f-8b3e-4e5c-93fd-b7293e973556" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "cd1ad75d-30e1-481a-b7d6-4d6b012e03f7" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "3f72da7d-d915-4f53-8bc1-de00eab8c542" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "db753a87-56d5-4df4-b088-df029e1319dc" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "b27bbec1-8375-4d6e-a646-54dd514ea664" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Windows\System32\conhost.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "25d94b19-dd8c-444e-8649-b75dcdab378e" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\sppsvc.exe C:\Windows\system32\sppsvc.exe
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "cb18c271-196a-4aaf-9ea1-03326a248300" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: unknown Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k smphost
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable
Source: C:\Program Files\Windows Defender\MpCmdRun.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "62bbbd59-291d-44d5-8ada-88594b5f534e" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "153560a1-b70b-409f-affc-69982282c523" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding B5D92016C39FF7678052452FC1E699E8 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding FE293C9828EFC6E5D88E7F26AF6615E9 E Global\MSI0000 Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="ilpilarsaomateus@gmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Lu4JQIAZ" /AgentId="66902f0e-5571-47c0-8de5-86038d3e7b35" Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIFBAD.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4062296 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI16A.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4063718 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI14C4.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4068578 10 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI330F.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_4076312 32 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd Jump to behavior
Source: C:\Windows\System32\svchost.exe Process created: C:\Program Files\Windows Defender\MpCmdRun.exe "C:\Program Files\Windows Defender\mpcmdrun.exe" -wdenable Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "a7726a3f-8b3e-4e5c-93fd-b7293e973556" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "cd1ad75d-30e1-481a-b7d6-4d6b012e03f7" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "3f72da7d-d915-4f53-8bc1-de00eab8c542" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "db753a87-56d5-4df4-b088-df029e1319dc" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "b27bbec1-8375-4d6e-a646-54dd514ea664" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "25d94b19-dd8c-444e-8649-b75dcdab378e" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "cb18c271-196a-4aaf-9ea1-03326a248300" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "62bbbd59-291d-44d5-8ada-88594b5f534e" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "153560a1-b70b-409f-affc-69982282c523" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: uxtheme.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textinputframework.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coreuicomponents.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: coremessaging.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: textshaping.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msihnd.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: tsappcmp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netapi32.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wkscli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: netutils.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: srclient.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: spp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vssapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vsstrace.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rsaenh.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cryptbase.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: msisip.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: vcruntime140_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ucrtbase_clr0400.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: rstrtmgr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ncrypt.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntasn1.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: pcacli.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: mscoree.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: moshost.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: mapsbtsvc.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: mosstorage.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ztrace_maps.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ztrace_maps.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ztrace_maps.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: bcp47langs.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: mapconfiguration.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: aphostservice.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: networkhelper.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: userdataplatformhelperutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: syncutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: mccspal.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: vaultcli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dmcfgutils.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wintypes.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: msvcp110_win.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dmcmnutils.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dmxmlhelputils.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: policymanager.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cryptsp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: xmllite.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: inproclogger.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: flightsettings.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: windows.networking.connectivity.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: npmproxy.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: iertutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: msv1_0.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ntlmshared.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cryptdll.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: synccontroller.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: pimstore.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: aphostclient.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: accountaccessor.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dsclient.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: systemeventsbrokerclient.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: userdatalanguageutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: mccsengineshared.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cemapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: userdatatypehelperutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: phoneutil.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: onecorecommonproxystub.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: execmodelproxy.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: rmclient.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: storsvc.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: devobj.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: fltlib.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: ntmarta.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: bcd.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wer.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: winhttp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: cabinet.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: windows.storage.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: appxdeploymentclient.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: storageusage.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: profapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: propsys.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: kernel.appcore.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: w32time.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: logoncli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: powrprof.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: umpdc.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: wldp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: mswsock.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: userenv.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: gpapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dsrole.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: sspicli.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: iphlpapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: vmictimeprovider.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: dnsapi.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: rasadhlp.dll Jump to behavior
Source: C:\Windows\System32\svchost.exe Section loaded: fwpuclnt.dll Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: apphelp.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: aclayers.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: sfc_os.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: msi.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\msiexec.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\net.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\net.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net.exe Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: samcli.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: dsrole.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: wkscli.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: logoncli.dll
Source: C:\Windows\SysWOW64\net1.exe Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: version.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: mpr.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: framedynos.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: dbghelp.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: srvcli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: netutils.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: wbemcomn.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: winsta.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\taskkill.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: uxtheme.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: riched20.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: usp10.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: msls31.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: webio.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: edputil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: wintypes.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: appresolver.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: slc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: sppc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: webio.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: cabinet.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wscapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wtsapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winsta.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: devobj.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: napinsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: pnrpnsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wshbth.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: nlaapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winrnr.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: propsys.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Section loaded: edputil.dll
Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}\InprocServer32 Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File written: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe.config Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Directory created: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll Jump to behavior
Source: C:\Windows\System32\msiexec.exe Registry value created: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6B2921FF-79C1-4EBF-81B4-C606D4E5BEF4} Jump to behavior
Source: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi Static file information: File size 2994176 > 1048576
Source: Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdbSHA256 source: AgentPackageMonitoring.exe, 0000002D.00000002.1696379168.000001D422D82000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: \mscorlib.pdbpdblib.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.NetworkInformation\4.1.2.0\System.Net.NetworkInformation.pdb source: System.Net.NetworkInformation.dll.36.dr
Source: Binary string: D:\a\41\s\AteraNugetPackages\Atera.AgentPackages.ModelsV3\Atera.AgentPackages.ModelsV3\obj\Release\net45\Atera.AgentPackages.ModelsV3.pdbSHA256t source: Atera.AgentPackages.ModelsV3.dll.36.dr
Source: Binary string: \??\C:\Windows\dll\mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 00000014.00000000.1363107154.00000282B3042000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 0000001C.00000002.1571157311.000001DD472C2000.00000002.00000001.01000000.0000001A.sdmp, Atera.AgentPackage.Common.dll3.36.dr
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdb source: System.Resources.Reader.dll.36.dr
Source: Binary string: D:\a\41\s\AteraNugetPackages\Atera.AgentPackages.ModelsV3\Atera.AgentPackages.ModelsV3\obj\Release\net45\Atera.AgentPackages.ModelsV3.pdb source: Atera.AgentPackages.ModelsV3.dll.36.dr
Source: Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000000.1930927486.000001B35A972000.00000002.00000001.01000000.00000029.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe.36.dr
Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdbp+ source: AgentPackageMonitoring.exe, 0000002D.00000002.1719872483.000001D43BAF2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb source: System.Runtime.CompilerServices.VisualC.dll.36.dr
Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdb source: AgentPackageMonitoring.exe, 0000002D.00000002.1720602037.000001D43BBD2000.00000002.00000001.01000000.00000025.sdmp, NLog.dll.36.dr
Source: Binary string: D:\a\1\s\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent\obj\Release\AgentPackageUpgradeAgent.pdbdeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdb source: AgentPackageMonitoring.exe, 0000002D.00000002.1694921612.000001D422C82000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: .pdb) source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Resources.Reader\4.0.2.0\System.Resources.Reader.pdbl( source: System.Resources.Reader.dll.36.dr
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.TextWriterTraceListener\4.0.2.0\System.Diagnostics.TextWriterTraceListener.pdb source: System.Diagnostics.TextWriterTraceListener.dll.36.dr
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netstandard1.1\System.Buffers.pdbSHA256 source: System.Buffers.dll.21.dr
Source: Binary string: D:\a\41\s\AteraNugetPackages\Atera.AgentPackages.CommonLib\Atera.AgentPackages.CommonLib\obj\Release\Atera.AgentPackages.CommonLib.pdb'` source: Atera.AgentPackages.CommonLib.dll.36.dr
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdbl source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000005.00000003.1267628350.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000464A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.00000000041F4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Diagnostics.Debug\4.0.11.0\System.Diagnostics.Debug.pdb source: System.Diagnostics.Debug.dll.36.dr
Source: Binary string: ib.pdb: source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373BC0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_64\mscorlib\v4.0_4.0.0.0__b77a5c561934e089\mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 00000014.00000000.1363107154.00000282B3042000.00000002.00000001.01000000.00000010.sdmp
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, System.ValueTuple.dll.53.dr, System.ValueTuple.dll.36.dr, System.ValueTuple.dll.2.dr
Source: Binary string: C:\dev\sqlite\dotnet-private\obj\2015\System.Data.SQLite.2015\Release\System.Data.SQLite.pdb source: System.Data.SQLite.dll.36.dr
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Diagnostics.DiagnosticSource\net46\System.Diagnostics.DiagnosticSource.pdb source: System.Diagnostics.DiagnosticSource.dll.36.dr
Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 00000015.00000002.1901558159.000002A3428C2000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Data.Common/netfx\System.Data.Common.pdb source: System.Data.Common.dll.36.dr
Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 00000015.00000002.1901558159.000002A3428C2000.00000002.00000001.01000000.00000028.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1721452869.000001D43BCB2000.00000002.00000001.01000000.00000026.sdmp, Newtonsoft.Json.dll.53.dr
Source: Binary string: \??\C:\Windows\symbols\dll\mscorlib.pdbD source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373BC0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\code\dapper-dot-net\Dapper\bin\Release\net45\Dapper.pdb source: AgentPackageMonitoring.exe, 0000002D.00000002.1719646159.000001D43BAB2000.00000002.00000001.01000000.00000023.sdmp
Source: Binary string: C:\agent\_work\8\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: Microsoft.Deployment.WindowsInstaller.dll.36.dr
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdbT*n* `*_CorDllMainmscoree.dll source: System.Net.Security.dll.36.dr
Source: Binary string: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDBpy/G source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\projects\nlog\src\NLog\obj\Release\net45\NLog.pdbSHA256d source: AgentPackageMonitoring.exe, 0000002D.00000002.1720602037.000001D43BBD2000.00000002.00000001.01000000.00000025.sdmp, NLog.dll.36.dr
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Buffers\netstandard1.1\System.Buffers.pdb source: System.Buffers.dll.21.dr
Source: Binary string: C:\projects\polly\src\Polly\obj\Release\netstandard1.1\Polly.pdb source: AgentPackageMonitoring.exe, 0000002D.00000002.1696379168.000001D422D82000.00000002.00000001.01000000.00000022.sdmp
Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AgentPackageAgentInformation.exe, 0000001A.00000000.1533103031.000002069BBD2000.00000002.00000001.01000000.00000018.sdmp, AgentPackageAgentInformation.exe.21.dr
Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000003.1267628350.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000464A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.00000000041F4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: symbols\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.1571556014.000002069C692000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2195827231.000001EE9E170000.00000002.00000001.01000000.00000030.sdmp, Newtonsoft.Json.dll1.36.dr
Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000005.00000003.1267628350.0000000004921000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000467B000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.0000000004225000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004F1B000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001A.00000002.1571556014.000002069C692000.00000002.00000001.01000000.0000001B.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2195827231.000001EE9E170000.00000002.00000001.01000000.00000030.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1721452869.000001D43BCB2000.00000002.00000001.01000000.00000026.sdmp, Newtonsoft.Json.dll1.36.dr, Newtonsoft.Json.dll.53.dr
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdbSHA256e source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2209008639.000001B373A42000.00000002.00000001.01000000.00000031.sdmp
Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, System.ValueTuple.dll.53.dr, System.ValueTuple.dll.36.dr, System.ValueTuple.dll.2.dr
Source: Binary string: t.pdbpdb source: AteraAgent.exe, 00000024.00000002.2150679963.0000027DEC317000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\Users\dahall\Documents\GitHubRepos\TaskScheduler\TaskService\obj\Release\net40\Microsoft.Win32.TaskScheduler.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2209008639.000001B373A42000.00000002.00000001.01000000.00000031.sdmp
Source: Binary string: D:\a\1\s\AgentPackageMonitoring\AgentPackageMonitoring\obj\Release\AgentPackageMonitoring.pdbr source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: D:\a\1\s\AgentPackageMonitoring\AgentPackageMonitoring\obj\Release\AgentPackageMonitoring.pdb source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp
Source: Binary string: AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI18BE.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr, MSI5003.tmp.2.dr
Source: Binary string: em.pdb source: AteraAgent.exe, 00000015.00000002.1898386456.000002A342505000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000005.00000003.1267628350.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1288418547.000000000464A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000003.1331654140.00000000041F4000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000003.1408439085.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: C:\projects\structuremap\src\StructureMap\obj\Release\net45\StructureMap.pdbSHA256`{f source: AgentPackageMonitoring.exe, 0000002D.00000002.1694921612.000001D422C82000.00000002.00000001.01000000.00000020.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Linq.Parallel\4.0.1.0\System.Linq.Parallel.pdb source: System.Linq.Parallel.dll.36.dr
Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 0000001C.00000002.1571157311.000001DD472C2000.00000002.00000001.01000000.0000001A.sdmp, Atera.AgentPackage.Common.dll3.36.dr
Source: Binary string: C:\agent\_work\8\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbT source: Microsoft.Deployment.WindowsInstaller.dll.36.dr
Source: Binary string: D:\a\41\s\AteraNugetPackages\Atera.Utils\Atera.Utils\obj\Release\net45\Atera.Utils.pdbSHA256 source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp, Atera.Utils.dll.36.dr
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Security\4.0.2.0\System.Net.Security.pdb source: System.Net.Security.dll.36.dr
Source: Binary string: PC:\Windows\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: \??\C:\Windows\symbols\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: pC:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.PDB source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.IO.FileSystem.Primitives\4.0.3.0\System.IO.FileSystem.Primitives.pdb source: System.IO.FileSystem.Primitives.dll.36.dr
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Runtime.CompilerServices.VisualC\4.0.2.0\System.Runtime.CompilerServices.VisualC.pdb@*Z* L*_CorDllMainmscoree.dll source: System.Runtime.CompilerServices.VisualC.dll.36.dr
Source: Binary string: mscorlib.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373BC0000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: E:\A\_work\1795\s\corefx\bin/obj/Windows_NT.AnyCPU.Release/System.Runtime.Serialization.Primitives/netfx\System.Runtime.Serialization.Primitives.pdb source: System.Runtime.Serialization.Primitives.dll.36.dr
Source: Binary string: /_/CommunityToolkit.WinUI.Notifications/obj/Release/net461/CommunityToolkit.WinUI.Notifications.pdbSHA2564 source: CommunityToolkit.WinUI.Notifications.dll.36.dr
Source: Binary string: C:\dev\sqlite\dotnet-private\bin\2012\x64\ReleaseNativeOnlyStatic\SQLite.Interop.pdb source: AgentPackageMonitoring.exe, 0000002D.00000002.1736042091.00007FFB036AA000.00000002.00000001.01000000.0000001E.sdmp
Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 00000014.00000002.1404516323.00000282CD602000.00000002.00000001.01000000.00000012.sdmp, Pubnub.dll0.2.dr
Source: Binary string: C:\Windows\AgentPackageUpgradeAgent.pdbpdbent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: D:\a\41\s\AteraNugetPackages\Atera.Utils\Atera.Utils\obj\Release\net45\Atera.Utils.pdb source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp, Atera.Utils.dll.36.dr
Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 00000014.00000002.1404516323.00000282CD602000.00000002.00000001.01000000.00000012.sdmp, Pubnub.dll0.2.dr
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdb source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: c:\dev\sqlite\dotnet-private\obj\2012\System.Data.SQLite.2012\Release\System.Data.SQLite.pdb source: AgentPackageMonitoring.exe, 0000002D.00000002.1719872483.000001D43BAF2000.00000002.00000001.01000000.00000024.sdmp
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.WebSockets\4.0.2.0\System.Net.WebSockets.pdb source: System.Net.WebSockets.dll.36.dr
Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, MSI1FA3.tmp.2.dr, ateraAgentSetup64_1_8_7_2.msi.53.dr
Source: Binary string: E:\A\_work\582\s\bin\obj\ref\System.Net.Ping\4.0.2.0\System.Net.Ping.pdb source: System.Net.Ping.dll.36.dr
Source: Binary string: \??\C:\Windows\exe\AgentPackageUpgradeAgent.pdb source: AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp
Source: Binary string: /_/CommunityToolkit.WinUI.Notifications/obj/Release/net461/CommunityToolkit.WinUI.Notifications.pdb source: CommunityToolkit.WinUI.Notifications.dll.36.dr
Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netstandard1.1\System.Memory.pdbSHA256 source: AteraAgent.exe, 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp
Source: Binary string: D:\a\41\s\AteraNugetPackages\Atera.AgentPackages.CommonLib\Atera.AgentPackages.CommonLib\obj\Release\Atera.AgentPackages.CommonLib.pdb source: Atera.AgentPackages.CommonLib.dll.36.dr
Binary contains a suspicious time stamp
Source: BouncyCastle.Crypto.dll.2.dr Static PE information: 0xE49A52B3 [Sun Jul 15 06:22:43 2091 UTC]
Contains functionality to dynamically determine API calls
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03561910 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 45_2_00007FFB03561910
Uses code obfuscation techniques (call, push, ret)
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C657B8 push es; ret 8_3_06C65840
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C60E8C push ebp; retn 5506h 8_3_06C620AE
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C64E90 push es; ret 8_3_06C64EA0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C66BF3 push es; ret 8_3_06C66C00
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C6688B push es; ret 8_3_06C66890
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C6576F push es; ret 8_3_06C65860
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C634AB push edi; retf 8_3_06C634B2
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C63439 push esi; retf 8_3_06C6343A
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C63373 push ebp; retf 8_3_06C6337A
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C658D1 push es; ret 8_3_06C658E0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C658F0 push es; ret 8_3_06C65900
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C65890 push es; ret 8_3_06C658A0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C658B0 push es; ret 8_3_06C658C0
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C65850 push es; ret 8_3_06C65860
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C65873 push es; ret 8_3_06C65880
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C65951 push es; ret 8_3_06C65960
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C65910 push es; ret 8_3_06C65920
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06C65931 push es; ret 8_3_06C65940
Source: C:\Windows\SysWOW64\rundll32.exe Code function: 8_3_06D584A1 push es; ret 8_3_06D584B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC790E8D push eax; retf 21_2_00007FFAAC790EAC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC787A95 push ecx; retf 21_2_00007FFAAC787A3A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC7A0AAA pushad ; ret 21_2_00007FFAAC7A0AB9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC787A15 push ecx; retf 21_2_00007FFAAC787A3A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC990F64 push eax; ret 21_2_00007FFAAC990F94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 26_2_00007FFAAC7894FD push eax; retf 26_2_00007FFAAC78950C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 28_2_00007FFAAC775587 push ebp; iretd 28_2_00007FFAAC7755D8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 30_2_00007FFAAC775587 push ebp; iretd 30_2_00007FFAAC7755D8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 34_2_00007FFAAC7AD2E5 pushad ; iretd 34_2_00007FFAAC7BAA65
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 34_2_00007FFAAC792D9B push eax; ret 34_2_00007FFAAC792E1D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 34_2_00007FFAAC79F650 push eax; iretd 34_2_00007FFAAC79F65D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Code function: 34_2_00007FFAAC79F8E5 push ecx; retf 34_2_00007FFAAC79F8EA

Persistence and Installation Behavior
barindex
Creates files in the system32 config directory
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageSTRemote.exe.log
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageMonitoring.exe.log
Drops PE files
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tracing.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Xml.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Dynamic.Runtime.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlSerializer.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\CommunityToolkit.WinUI.Notifications.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.Exceptions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Ping.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.X509Certificates.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Interop.WUApiLib.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp-\AlphaControlAgentInstallation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.ValueTuple.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp-\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Data.SQLite.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFBAD.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.ValueTuple.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Polly.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\log4net.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Contracts.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: 3dfa52.rbf (copy) Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.MemoryMappedFiles.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Concurrent.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Thread.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TraceSource.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\RunScriptAsUser.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\System.Management.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: 3dfa4e.rbf (copy) Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Watcher.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Extensions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x86\SQLite.Interop.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Csp.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.ThreadPool.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp-\System.Management.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI18BE.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\x86\SQLite.Interop.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Pipes.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Memory.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\Pubnub.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackages.CommonLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebSockets.Client.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\LiteDB.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Formatters.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tools.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ObjectModel.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp-\System.Management.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.StackTrace.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Sockets.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Algorithms.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-\AlphaControlAgentInstallation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTrayTMP.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Overlapped.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.NonGeneric.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI30EF.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Claims.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebSockets.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI57D5.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.CompilerServices.VisualC.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI191D.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.UnmanagedMemoryStream.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Console.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Process.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Extensions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Numerics.Vectors.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Parallel.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI330F.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.Runtime.InteropServices.RuntimeInformation.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingNotifications.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XPath.XDocument.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TextWriterTraceListener.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp-\AlphaControlAgentInstallation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Debug.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Drawing.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Microsoft.ApplicationInsights.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Timer.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe File created: C:\Windows\Temp\SplashtopStreamer.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentCommunication.Models.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: 3dfa50.rbf (copy) Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI16A.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XDocument.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.Encoding.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp-\AlphaControlAgentInstallation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Extensions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Queryable.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminderNotification.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\System.ValueTuple.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Security.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1A18.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\EO.WebBrowser.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.ApplicationInsights.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.Parallel.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ValueTuple.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.DriveInfo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Memory.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI50FE.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI14C4.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.AppContext.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x64\SQLite.Interop.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.RegularExpressions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.ZipFile.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Handles.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.InteropServices.RuntimeInformation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlDocument.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\ThirdPartyPackageManager.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\BouncyCastle.Crypto.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.DiagnosticSource.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Reader.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Buffers.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.ResourceManager.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4F08.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.EventBasedAsync.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-\System.Management.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Encoding.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Numerics.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.CommonLib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NetworkInformation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\t2tWinFormAppBarLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.ValueTuple.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Numerics.Vectors.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Microsoft.ApplicationInsights.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Microsoft.ApplicationInsights.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\SharpSnmpLib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI294A.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Writer.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.TypeConverter.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Diagnostics.DiagnosticSource.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\EO.WebBrowser.WinForm.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XPath.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Polly.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NameResolution.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.IsolatedStorage.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Diagnostics.DiagnosticSource.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: 3dfa4f.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: 3dfa51.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: 3dfa4c.rbf (copy) Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\x64\SQLite.Interop.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.Utils.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Buffers.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Expressions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\StructureMap.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\NLog.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI21B7.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.RuntimeInformation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Specialized.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp-\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\QRCoder.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Buffers.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Principal.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp-\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.Utils.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Calendars.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5003.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Memory.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Requests.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Buffers.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp-\System.Management.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3071.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1FA3.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.SecureString.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\IdleTimeFinder.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.TaskScheduler.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files\ATERA Networks\AteraAgent\AteraAgent.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\FormControlsLibrary.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Data.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.ReaderWriter.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Memory.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.Encoding.Extensions.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\CommunityToolkit.WinUI.Notifications.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2FA5.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebHeaderCollection.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.FileVersionInfo.dll Jump to dropped file
Drops PE files to the windows directory (C:\Windows)
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1A18.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-\AlphaControlAgentInstallation.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp-\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI30EF.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp-\AlphaControlAgentInstallation.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI5003.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI14C4.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI50FE.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp-\System.Management.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI18BE.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI4F08.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI57D5.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp-\System.Management.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI3071.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-\System.Management.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI1FA3.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe File created: C:\Windows\Temp\SplashtopStreamer.exe Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI191D.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI330F.tmp-\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI16A.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp-\AlphaControlAgentInstallation.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp-\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI21B7.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI294A.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIFBAD.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIFBAD.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI16A.tmp-\AlphaControlAgentInstallation.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp-\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI2FA5.tmp Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI14C4.tmp-\System.Management.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI330F.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog

Boot Survival
barindex
Installs Task Scheduler Managed Wrapper
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.TaskScheduler.dll
Creates or modifies windows services
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
Modifies existing windows services
Source: C:\Windows\System32\svchost.exe Registry key value modified: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\W32Time\Config Jump to behavior
Uses net.exe to stop services
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Extensive use of GetProcAddress (often used to hide API calls)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0355A524 EncodePointer,GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress, 45_2_00007FFB0355A524
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Stores large binary data to the registry
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOGPFAULTERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\System32\svchost.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOGPFAULTERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion
barindex
Queries sensitive disk information (via WMI, Win32_DiskDrive, often done to detect virtual machines)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID=&quot;\\\\.\\PHYSICALDRIVE0&quot;} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent=&quot;Win32_DiskDrive.DeviceID=\&quot;\\\\\\\\.\\\\PHYSICALDRIVE0\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID=&quot;\\\\.\\PHYSICALDRIVE0&quot;} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent=&quot;Win32_DiskDrive.DeviceID=\&quot;\\\\\\\\.\\\\PHYSICALDRIVE0\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID=&quot;\\\\.\\PHYSICALDRIVE0&quot;} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent=&quot;Win32_DiskDrive.DeviceID=\&quot;\\\\\\\\.\\\\PHYSICALDRIVE0\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDrive
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\ROOT\cimv2:Win32_DiskDrive.DeviceID=&quot;\\\\.\\PHYSICALDRIVE0&quot;} where resultclass = Win32_DiskPartition
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_DiskDriveToDiskPartition where Antecedent=&quot;Win32_DiskDrive.DeviceID=\&quot;\\\\\\\\.\\\\PHYSICALDRIVE0\&quot;&quot;
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PhysicalAdapter,Name,PNPDeviceID from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PhysicalAdapter,Name,PNPDeviceID from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Queries sensitive service information (via WMI, WIN32_SERVICE, often done to detect sandboxes)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Name,DisplayName,Description,State from Win32_Service
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Name,DisplayName,Description,State from Win32_Service
Queries sensitive service information (via WMI, Win32_LogicalDisk, often done to detect sandboxes)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #0&quot;} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #0\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #1&quot;} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #1\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #2&quot;} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #2\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #0&quot;} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #0\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #1&quot;} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #1\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #2&quot;} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #2\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #0&quot;} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #0\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #1&quot;} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #1\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #2&quot;} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #2\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT Size,FreeSpace,Name FROM Win32_LogicalDisk where DriveType=3
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #0&quot;} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #0\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #1&quot;} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #1\&quot;&quot;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : associators of {\\user-PC\root\cimv2:Win32_DiskPartition.DeviceID=&quot;Disk #0, Partition #2&quot;} where resultclass = Win32_LogicalDisk
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_LogicalDiskToPartition where Antecedent=&quot;Win32_DiskPartition.DeviceID=\&quot;Disk #0, Partition #2\&quot;&quot;
Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_SoundDevice
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Name from Win32_SoundDevice
Query firmware table information (likely to detect VMs)
Source: C:\Windows\System32\svchost.exe System information queried: FirmwareTableInformation Jump to behavior
Allocates memory with a write watch (potentially for evading sandboxes)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 282B3390000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 282CCDD0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 2A329280000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 2A341A40000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 2069BF30000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 206B47A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1DD47280000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1DD5F960000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 131AC690000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 131C4D00000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1851F400000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 18537600000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 248AC430000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 248C4A10000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 27DEB3D0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 27DEB950000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Memory allocated: 1EE85380000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Memory allocated: 1EE9D990000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Memory allocated: 1D422A00000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Memory allocated: 1D43B2A0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 18792200000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 187AA850000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Memory allocated: 1B35AD90000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Memory allocated: 1B373260000 memory reserve | memory write watch
Contains capabilities to detect virtual machines
Source: C:\Windows\System32\svchost.exe File opened / queried: SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} Jump to behavior
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC9A92D0 rdtsc 36_2_00007FFAAC9A92D0
Contains functionality to detect virtual machines (SGDT)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 21_2_00007FFAAC9A09B5 sgdt fword ptr [eax] 21_2_00007FFAAC9A09B5
Contains long sleeps (>= 3 min)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599875
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599765
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599656
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599546
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599436
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599327
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599218
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599109
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598999
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598890
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598780
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598671
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598452
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598234
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598124
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597906
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597796
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597687
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597578
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597468
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597359
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597249
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597140
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597031
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596921
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596812
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596702
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596593
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596484
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596375
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596265
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596156
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596046
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 595937
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 595828
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599766
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599635
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599516
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599403
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599282
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599151
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599031
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598919
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598807
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598672
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598545
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598410
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598295
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598183
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598057
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597949
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597840
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597641
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597498
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597382
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597260
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597030
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 596907
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 596782
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 596670
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 596558
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 596443
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 596218
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 595110
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594937
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594827
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594694
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594572
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594459
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594340
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594194
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594078
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593969
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593844
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593734
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593625
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593489
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593360
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593250
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593140
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593032
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 592922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 592445
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 592282
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 591625
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 591445
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 591325
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 591203
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 591094
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590969
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590859
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590750
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590641
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590531
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590421
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590297
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590172
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590061
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Thread delayed: delay time: 922337203685477
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 3582
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 5939
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Window / User API: threadDelayed 3034
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Window / User API: threadDelayed 6371
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 4650
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Window / User API: threadDelayed 4886
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Window / User API: threadDelayed 5377
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Window / User API: threadDelayed 4325
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Window / User API: threadDelayed 1957
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Window / User API: threadDelayed 878
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Window / User API: threadDelayed 1152
Found dropped PE file which has not been started or loaded
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tracing.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Xml.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Dynamic.Runtime.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\CommunityToolkit.WinUI.Notifications.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlSerializer.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.Exceptions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Ping.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.X509Certificates.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Interop.WUApiLib.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI14C4.tmp-\AlphaControlAgentInstallation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.ValueTuple.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI16A.tmp-\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Data.SQLite.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFBAD.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\System.ValueTuple.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.ValueTuple.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFBAD.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Polly.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\log4net.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Contracts.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: 3dfa52.rbf (copy) Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.MemoryMappedFiles.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Concurrent.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TraceSource.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Thread.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\RunScriptAsUser.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\System.Management.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: 3dfa4e.rbf (copy) Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Watcher.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Extensions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Csp.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x86\SQLite.Interop.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.ThreadPool.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFBAD.tmp-\System.Management.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI18BE.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\x86\SQLite.Interop.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Pipes.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Memory.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\Pubnub.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackages.CommonLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebSockets.Client.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\LiteDB.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Formatters.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Tools.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ObjectModel.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.StackTrace.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI14C4.tmp-\System.Management.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Sockets.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Algorithms.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingTrayTMP.exe Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI330F.tmp-\AlphaControlAgentInstallation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.NonGeneric.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Overlapped.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI30EF.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Claims.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebSockets.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI57D5.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.CompilerServices.VisualC.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI191D.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.UnmanagedMemoryStream.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Console.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Process.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Extensions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Numerics.Vectors.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Parallel.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI330F.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\System.Runtime.InteropServices.RuntimeInformation.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI330F.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingNotifications.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XPath.XDocument.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.TextWriterTraceListener.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFBAD.tmp-\AlphaControlAgentInstallation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.Debug.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Drawing.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Microsoft.ApplicationInsights.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Timer.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Dropped PE file which has not been started: C:\Windows\Temp\SplashtopStreamer.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Atera.AgentCommunication.Models.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: 3dfa50.rbf (copy) Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI16A.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XDocument.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.Encoding.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI16A.tmp-\AlphaControlAgentInstallation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Extensions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminderNotification.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Queryable.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\System.ValueTuple.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Security.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\chocolatey.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\EO.WebBrowser.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1A18.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.ApplicationInsights.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.Parallel.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ValueTuple.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.DriveInfo.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI16A.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Memory.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI14C4.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI50FE.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.AppContext.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\x64\SQLite.Interop.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.RegularExpressions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.Compression.ZipFile.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI330F.tmp-\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\AgentPackageHeartbeat.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Handles.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.InteropServices.RuntimeInformation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XmlDocument.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\ThirdPartyPackageManager.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\BouncyCastle.Crypto.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.DiagnosticSource.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\netstandard.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Reader.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.Tasks.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI14C4.tmp-\Microsoft.Deployment.WindowsInstaller.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Buffers.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.ResourceManager.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI4F08.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.EventBasedAsync.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI330F.tmp-\System.Management.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Cryptography.Encoding.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Numerics.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.CommonLib.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\Pubnub.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NetworkInformation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\t2tWinFormAppBarLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Numerics.Vectors.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\AgentPackageMarketplace.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.ValueTuple.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\Microsoft.ApplicationInsights.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Microsoft.ApplicationInsights.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.FileSystem.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\SharpSnmpLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Resources.Writer.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI294A.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.ComponentModel.TypeConverter.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Diagnostics.DiagnosticSource.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\EO.WebBrowser.WinForm.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.XPath.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\Polly.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.NameResolution.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.IO.IsolatedStorage.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Diagnostics.DiagnosticSource.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Reflection.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.CompilerServices.Unsafe.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Http.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: 3dfa4f.rbf (copy) Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: 3dfa51.rbf (copy) Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.Utils.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\x64\SQLite.Interop.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.Utils.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Buffers.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Linq.Expressions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\StructureMap.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\NLog.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI21B7.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.InteropServices.RuntimeInformation.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Atera.AgentPackage.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Collections.Specialized.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI14C4.tmp-\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Threading.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\QRCoder.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\System.Buffers.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Primitives.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.Principal.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSIFBAD.tmp-\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.Utils.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Globalization.Calendars.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Memory.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI5003.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.Requests.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Buffers.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI16A.tmp-\System.Management.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI3071.tmp Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI1FA3.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Security.SecureString.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\IdleTimeFinder.exe Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Microsoft.Win32.TaskScheduler.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\FormControlsLibrary.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Data.Common.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\ICSharpCode.SharpZipLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Xml.ReaderWriter.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\System.Memory.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Text.Encoding.Extensions.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\CommunityToolkit.WinUI.Notifications.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll Jump to dropped file
Source: C:\Windows\System32\msiexec.exe Dropped PE file which has not been started: C:\Windows\Installer\MSI2FA5.tmp Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Runtime.Serialization.Json.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Net.WebHeaderCollection.dll Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\System.Diagnostics.FileVersionInfo.dll Jump to dropped file
Is looking for software installed on the system
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Registry key enumerated: More than 126 enums for key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
May sleep (evasive loops) to hinder dynamic analysis
Source: C:\Windows\SysWOW64\rundll32.exe TID: 6816 Thread sleep time: -30000s >= -30000s Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 2172 Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 4552 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 576 Thread sleep count: 3582 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 576 Thread sleep count: 5939 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 1532 Thread sleep time: -27670116110564310s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 2500 Thread sleep time: -160000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3284 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 2324 Thread sleep time: -180000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 1180 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6424 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6472 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6772 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6968 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6972 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 2548 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 1888 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6596 Thread sleep count: 3034 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 4460 Thread sleep count: 6371 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -23058430092136925s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -599875s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -599765s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -599656s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -599546s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -599436s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -599327s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -599218s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -599109s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -598999s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -598890s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -598780s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -598671s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -598562s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -598452s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -598343s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -598234s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -598124s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -598015s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -597906s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -597796s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -597687s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -597578s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -597468s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -597359s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -597249s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -597140s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -597031s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -596921s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -596812s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -596702s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -596593s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -596484s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -596375s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -596265s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -596156s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -596046s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -595937s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3168 Thread sleep time: -595828s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 4232 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 2676 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5788 Thread sleep count: 4650 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 348 Thread sleep count: 34 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 348 Thread sleep time: -31359464925306218s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 348 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 1568 Thread sleep count: 4886 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 6944 Thread sleep time: -210000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3876 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 6720 Thread sleep time: -180000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep count: 37 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -34126476536362649s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -600000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 5880 Thread sleep count: 5377 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -599766s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -599635s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 5880 Thread sleep count: 4325 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -599516s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -599403s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -599282s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -599151s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -599031s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -598919s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -598807s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -598672s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -598545s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -598410s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -598295s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -598183s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -598057s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -597949s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -597840s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -597641s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -597498s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -597382s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -597260s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -597141s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -597030s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -596907s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -596782s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -596670s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -596558s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -596443s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -596218s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -595110s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -594937s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -594827s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -594694s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -594572s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -594459s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -594340s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -594194s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -594078s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -593969s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -593844s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -593734s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -593625s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -593489s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -593360s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -593250s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -593140s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -593032s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -592922s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -592445s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -592282s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -591625s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -591445s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -591325s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -591203s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -591094s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -590969s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -590859s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -590750s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -590641s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -590531s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -590421s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -590297s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -590172s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe TID: 712 Thread sleep time: -590061s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 2332 Thread sleep count: 1957 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 1588 Thread sleep time: -7378697629483816s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 1588 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 2332 Thread sleep count: 878 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 2044 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe TID: 3492 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5740 Thread sleep count: 1152 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 2044 Thread sleep count: 201 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 2836 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 4908 Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 2908 Thread sleep time: -60000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 3660 Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe TID: 2992 Thread sleep time: -922337203685477s >= -30000s
Queries disk information (often used to detect virtual machines)
Source: C:\Windows\System32\svchost.exe File opened: PhysicalDrive0 Jump to behavior
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Manufacturer,SoftwareElementID,ReleaseDate from Win32_BIOS
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_BIOS
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\CIMV2 : select Manufacturer,SoftwareElementID,ReleaseDate from Win32_BIOS
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain,Workgroup,Domain FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain,Workgroup,Domain FROM Win32_ComputerSystem
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_ComputerSystem
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select MaxClockSpeed from Win32_Processor
Sample execution stops while process was sleeping (likely an evasion)
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\ FullSizeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe File Volume queried: C:\Windows\System32 FullSizeInformation Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 90000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599875
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599765
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599656
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599546
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599436
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599327
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599218
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 599109
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598999
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598890
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598780
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598671
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598562
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598452
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598343
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598234
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598124
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 598015
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597906
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597796
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597687
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597578
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597468
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597359
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597249
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597140
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 597031
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596921
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596812
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596702
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596593
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596484
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596375
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596265
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596156
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 596046
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 595937
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 595828
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Thread delayed: delay time: 90000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 600000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599766
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599635
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599516
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599403
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599282
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599151
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 599031
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598919
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598807
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598672
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598545
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598410
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598295
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598183
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 598057
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597949
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597840
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597641
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597498
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597382
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597260
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597141
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 597030
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 596907
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 596782
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 596670
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 596558
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 596443
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 596218
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 595110
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594937
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594827
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594694
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594572
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594459
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594340
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594194
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 594078
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593969
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593844
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593734
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593625
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593489
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593360
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593250
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593140
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 593032
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 592922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 592445
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 592282
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 591625
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 591445
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 591325
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 591203
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 591094
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590969
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590859
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590750
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590641
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590531
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590421
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590297
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590172
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Thread delayed: delay time: 590061
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-CheckSumValid.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Format-FileSize.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariableNames.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-EnvironmentVariable.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyUnzip.ps1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe File opened: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\helpers\functions\Get-ChocolateyWebFile.ps1
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2130780477.00000187AB30C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware
Source: svchost.exe, 00000030.00000002.2501821114.0000018A90E00000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: VMwareVirtual disk2.06000c298128b8c02a71a2474aeb5f3dcPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 006000C298128B8C02A71A2474AEB5F3DC
Source: AteraAgent.exe, 00000015.00000002.1898386456.000002A342505000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAWx
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1789224660.00000248AC215000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000033.00000002.2122617084.00000187AB1C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Remote Desktop Virtualization Service
Source: AgentPackageAgentInformation.exe, 0000001E.00000002.1619271430.00000131ACBC0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllQQ$
Source: svchost.exe, 00000030.00000002.2502093962.0000018A90E2B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: @"VMware"
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1789224660.00000248AC215000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServiceProvides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.HV Host ServiceHvHostStopped?M
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1800667400.00000248C5292000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServiceSynchronizes the system time of this virtual machine with the system time of the physical computer.Hyper-V Time Synchronization ServicevmictimesyncStopped
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2126951951.00000187AB255000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_Service.Name="vmicvss"
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD518000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000014.00000002.1404068454.00000282CD575000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000015.00000002.1900170957.000002A342598000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2123477917.00000187AB1E9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServicevmicshutdownvmicshutdownStoppedvice"
Source: svchost.exe, 00000009.00000002.2505169096.000001C53ED02000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: svchost.exe, 00000030.00000002.2503212869.0000018A90EAE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SetPropValue.FriendlyName("VMware Virtual disk");
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1789224660.00000248AC215000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000033.00000002.2089271472.000001879213A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1800406533.00000248C5274000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_Service.Name="vmicheartbeat"oaf6
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2130780477.00000187AB30C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Virtual disk
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.00000187928D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: |Provides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.
Source: AgentPackageAgentInformation.exe.21.dr Binary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1800594829.00000248C528C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmicshutdown|
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.00000187928D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: qProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.pP
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1789224660.00000248AC215000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServiceProvides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.Hyper-V Data Exchange ServicevmickvpexchangeStoppedP
Source: rundll32.exe, 00000008.00000002.1327209850.0000000002C1C000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.1326692205.0000000002C1B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll:
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1799050263.00000248C5209000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServicevmicshutdownvmicshutdownStopped
Source: svchost.exe, 00000009.00000002.2503905148.000001C53EC4D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: m&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\Device\CdRom0\??\Volume{a33c736e-61ca-11ee-8c18-806e6f6e6963}\DosDevices\D: @
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2127456015.00000187AB26F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmicshutdown
Source: Atera.AgentPackages.CommonLib.dll.36.dr Binary or memory string: vmware
Source: svchost.exe, 00000030.00000002.2502286071.0000018A90E52000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: JSetPropValue.Manufacturer("VMware");
Source: AgentPackageMonitoring.exe, 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: IsVirtualMachine
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.00000187928D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: $Hyper-V Time Synchronization Service
Source: svchost.exe, 00000030.00000002.2502404404.0000018A90E68000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVirtual disk2.06000c298128b8c02a71a2474aeb5f3dcPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2127533637.00000187AB275000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmicvss
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1800667400.00000248C529D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServiceProvides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.Hyper-V PowerShell Direct ServicevmicvmsessionStopped?
Source: svchost.exe, 00000009.00000002.2504391110.000001C53EC66000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: &@SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000?
Source: svchost.exe, 00000030.00000002.2504895805.0000018A91123000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SPACES_PhysicalDisk{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{3c527940-1853-195e-fb1a-27cdb1f80e4a}6000C298128B8C02A71A2474AEB5F3DCVMware Virtual diskVMwareVirtual disk6000c298128b8c02a71a2474aeb5f3dcPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1789224660.00000248AC215000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000033.00000002.2122617084.00000187AB1C0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.00000187928D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Data Exchange Service
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1800667400.00000248C5292000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Provides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
Source: svchost.exe, 00000030.00000002.2503658268.0000018A90ED3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: @friendlyname"vmware virtual disk"lse
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2089271472.000001879213A000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServiceProvides an interface for the Hyper-V hypervisor to provide per-partition performance counters to the host operating system.HV Host ServiceHvHostStoppedyy
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1800667400.00000248C5292000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.00000187928D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Service Interface
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.00000187928D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: -Hyper-V Remote Desktop Virtualization Service
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2127456015.00000187AB26F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmicheartbeat
Source: svchost.exe, 00000030.00000002.2502286071.0000018A90E52000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: dSetPropValue.FriendlyName("VMware Virtual disk");
Source: AteraAgent.exe, 00000014.00000002.1404068454.00000282CD490000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%\System32\fveui.dll,-843RA%20NetworksAteraAgentAteraAgent.exe
Source: AteraAgent.exe, 00000015.00000002.1896332173.000002A342148000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: vmicshutdownHyper-V Remote Desktop Virtualization ServicevmicrdvHyper-V Data Exchange ServicevmickvpexchangeHyper-V Heartbeat ServicevmicheartbeatHyper-V Guest Service InterfacevmicguestinterfaceVirtual DiskvdsCredent
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1800406533.00000248C5274000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_Service.Name="vmicshutdown"ea
Source: svchost.exe, 00000009.00000002.2504391110.000001C53EC7F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.00000187928D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: qProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2124034008.00000187AB1F3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServicevmicvssvmicvssStoppedA
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2126951951.00000187AB255000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_Service.Name="vmicheartbeat"
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.00000187928D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: "Win32_Service.Name="vmicheartbeat"p^
Source: AteraAgent.exe, 00000015.00000002.1896332173.000002A342148000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW0
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1800667400.00000248C5292000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V Time Synchronization Service
Source: svchost.exe, 00000030.00000002.2502093962.0000018A90E2B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.VMware20,1NoneVMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9dnSS @
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1789224660.00000248AC215000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServiceProvides a platform for communication between the virtual machine and the operating system running on the physical computer.Hyper-V Remote Desktop Virtualization ServicevmicrdvStoppedlm[
Source: svchost.exe, 00000030.00000002.2502286071.0000018A90E52000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware, Inc.VMware20,1NoneVMware-42 27 88 19 56 cc 59 1a-97 79 fb 8c bf a1 e2 9d
Source: svchost.exe, 0000000C.00000002.2502671926.0000020AD4231000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000018.00000002.1466810362.0000000003370000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001C.00000002.1577296513.000001DD601D2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000024.00000002.2150679963.0000027DEC291000.00000004.00000020.00020000.00000000.sdmp, AgentPackageSTRemote.exe, 0000002A.00000002.2199195531.000001EE9E228000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1696952170.000001D423198000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000033.00000002.2130381875.00000187AB2FC000.00000004.00000020.00020000.00000000.sdmp, AgentPackageUpgradeAgent.exe, 00000035.00000002.2210125521.000001B373BC0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1799050263.00000248C5209000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServicevmicheartbeatvmicheartbeatStoppedF
Source: svchost.exe, 00000030.00000002.2502404404.0000018A90E68000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware Virtual disk6000C298128B8C02A71A2474AEB5F3DC0VMwareVirtual disk<m
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2126951951.00000187AB255000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_Service.Name="vmicshutdown"5U
Source: svchost.exe, 00000030.00000002.2502675641.0000018A90EA7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMwareVirtual disk2.06000c298128b8c02a71a2474aeb5f3dcPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
Source: svchost.exe, 00000030.00000002.2502675641.0000018A90EA7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2122617084.00000187AB1C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServiceProvides a platform for communication between the virtual machine and the operating system running on the physical computer.Hyper-V Remote Desktop Virtualization ServicevmicrdvStopped
Source: svchost.exe, 00000009.00000002.2503437386.000001C53EC2B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: (@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\
Source: svchost.exe, 00000009.00000002.2503437386.000001C53EC2B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: (@\??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2127241458.00000187AB267000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServiceProvides a mechanism to manage virtual machine with PowerShell via VM session without a virtual network.Hyper-V PowerShell Direct ServicevmicvmsessionStopped
Source: AteraAgent.exe, 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, AgentPackageMonitoring.exe, 0000002D.00000002.1694216775.000001D422C12000.00000002.00000001.01000000.0000001F.sdmp, AgentPackageMonitoring.exe, 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp, Atera.AgentPackages.CommonLib.dll.36.dr Binary or memory string: get_IsVirtualMachine
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1800667400.00000248C5292000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServiceProvides an interface for the Hyper-V host to interact with specific services running inside the virtual machine.Hyper-V Guest Service InterfacevmicguestinterfaceStopped
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.00000187928D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Win32_Service.Name="vmicvss"p^
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1800667400.00000248C529D000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000033.00000002.2127241458.00000187AB267000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V PowerShell Direct Service
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2130780477.00000187AB30C000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: MSFT_PhysicalDisk{1}\\user-PC\root/Microsoft/Windows/Storage/Providers_v2\SPACES_PhysicalDisk.ObjectId="{a33c734b-61ca-11ee-8c18-806e6f6e6963}:PD:{3c527940-1853-195e-fb1a-27cdb1f80e4a}"6000C298128B8C02A71A2474AEB5F3DCVMware Virtual diskVMwareVirtual disk6000c298128b8c02a71a2474aeb5f3dcPCI Slot 32 : Bus 2 : Device 0 : Function 0 : Adapter 0 : Port 0 : Target 0 : LUN 0
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1799756671.00000248C522F000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServicevmicvssvmicvssStoppedh:
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.00000187928D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: !Win32_Service.Name="vmicshutdown"p^
Source: svchost.exe, 00000009.00000002.2502544883.000001C53EC02000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: HvHostWdiSystemHostScDeviceEnumWiaRpctrkwksAudioEndpointBuilderhidservdot3svcUmRdpServiceDsSvcfhsvcvmickvpexchangevmicshutdownvmicguestinterfacevmicvmsessionsvsvcStorSvcWwanSvcvmicvssDevQueryBrokerNgcSvcsysmainNetmanTabletInputServicePcaSvcDisplayEnhancementServiceIPxlatCfgSvcDeviceAssociationServiceNcbServiceEmbeddedModeSensorServicewlansvcCscServiceWPDBusEnumMixedRealityOpenXRSvc
Source: svchost.exe, 00000030.00000002.2503658268.0000018A90ED3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: @SetPropValue.Manufacturer("VMware");
Source: svchost.exe, 00000030.00000002.2503212869.0000018A90EAE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: (@SetPropValue.FriendlyName("VMware Virtual disk");
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2122617084.00000187AB1C0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Win32_ServiceProvides a mechanism to exchange data between the virtual machine and the operating system running on the physical computer.Hyper-V Data Exchange ServicevmickvpexchangeStopped
Source: AgentPackageAgentInformation.exe, 00000033.00000002.2095306627.00000187928D3000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: !Hyper-V PowerShell Direct Service
Source: svchost.exe, 00000009.00000002.2503905148.000001C53EC4D000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: #Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: svchost.exe, 00000030.00000002.2503658268.0000018A90ED3000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: (@SetPropValue.Manufacturer("VMware");
Source: AgentPackageAgentInformation.exe, 0000001A.00000002.1581204637.00000206B4E85000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dlldd
Source: AgentPackageAgentInformation.exe, 00000022.00000002.1801549524.00000248C5316000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllTT
Source: C:\Windows\System32\msiexec.exe Process information queried: ProcessInformation Jump to behavior
Checks if the current process is being debugged
Source: C:\Windows\System32\sppsvc.exe Process queried: DebugPort
Source: C:\Windows\System32\sppsvc.exe Process queried: DebugPort
Source: C:\Windows\System32\sppsvc.exe Process queried: DebugPort
Contains functionality for execution timing, often used to detect debuggers
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 36_2_00007FFAAC9A92D0 rdtsc 36_2_00007FFAAC9A92D0
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03557B4C __crtCaptureCurrentContext,IsDebuggerPresent,__crtUnhandledException, 45_2_00007FFB03557B4C
Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0359AFB0 OutputDebugStringA,GetProcessHeap,OutputDebugStringA,GetLastError,lstrlenW,HeapAlloc,OutputDebugStringA,GetEnvironmentVariableW,OutputDebugStringA,GetLastError,OutputDebugStringA,GetModuleFileNameW,lstrlenW,OutputDebugStringA,lstrcatW,lstrcatW,lstrcatW,GetFileAttributesW,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,WinVerifyTrust,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,GetProcAddress,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetEnvironmentVariableW,OutputDebugStringA,GetCurrentThreadId,GetCurrentProcessId,wsprintfW,GetEnvironmentVariableW,SetEnvironmentVariableW,_errno,_errno,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetLastError,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,HeapFree,_snprintf,OutputDebugStringA, 45_2_00007FFB0359AFB0
Contains functionality to dynamically determine API calls
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB03561910 EncodePointer,__crtIsPackagedApp,LoadLibraryExW,GetLastError,LoadLibraryW,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,GetProcAddress,EncodePointer,IsDebuggerPresent,OutputDebugStringW,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer,DecodePointer, 45_2_00007FFB03561910
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0359AFB0 OutputDebugStringA,GetProcessHeap,OutputDebugStringA,GetLastError,lstrlenW,HeapAlloc,OutputDebugStringA,GetEnvironmentVariableW,OutputDebugStringA,GetLastError,OutputDebugStringA,GetModuleFileNameW,lstrlenW,OutputDebugStringA,lstrcatW,lstrcatW,lstrcatW,GetFileAttributesW,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,WinVerifyTrust,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,GetProcAddress,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetEnvironmentVariableW,OutputDebugStringA,GetCurrentThreadId,GetCurrentProcessId,wsprintfW,GetEnvironmentVariableW,SetEnvironmentVariableW,_errno,_errno,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetLastError,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,HeapFree,_snprintf,OutputDebugStringA, 45_2_00007FFB0359AFB0
Enables debug privileges
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0355ACD4 SetUnhandledExceptionFilter,UnhandledExceptionFilter, 45_2_00007FFB0355ACD4
Source: C:\Windows\SysWOW64\rundll32.exe Memory allocated: page read and write | page guard Jump to behavior

HIPS / PFW / Operating System Protection Evasion
barindex
System process connects to network (likely due to code injection or exploit)
Source: C:\Windows\SysWOW64\rundll32.exe Network Connect: 40.119.152.241 443
Creates a process in suspended mode (likely to inject code)
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="ilpilarsaomateus@gmail.com" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000Lu4JQIAZ" /AgentId="66902f0e-5571-47c0-8de5-86038d3e7b35" Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\System32\msiexec.exe Process created: unknown unknown Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
Source: C:\Windows\SysWOW64\net.exe Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "a7726a3f-8b3e-4e5c-93fd-b7293e973556" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "cd1ad75d-30e1-481a-b7d6-4d6b012e03f7" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "3f72da7d-d915-4f53-8bc1-de00eab8c542" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "db753a87-56d5-4df4-b088-df029e1319dc" agent-api.atera.com/Production 443 or8ixLi90Mf "identified" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "b27bbec1-8375-4d6e-a646-54dd514ea664" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo fromGui" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "25d94b19-dd8c-444e-8649-b75dcdab378e" agent-api.atera.com/Production 443 or8ixLi90Mf "install eyJSbW1Db2RlIjoiaFpDREZQaEs3NW1KIn0=" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "cb18c271-196a-4aaf-9ea1-03326a248300" agent-api.atera.com/Production 443 or8ixLi90Mf "syncprofile" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "62bbbd59-291d-44d5-8ada-88594b5f534e" agent-api.atera.com/Production 443 or8ixLi90Mf "generalinfo" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "153560a1-b70b-409f-affc-69982282c523" agent-api.atera.com/Production 443 or8ixLi90Mf "checkforupdates" 001Q300000Lu4JQIAZ
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Process created: unknown unknown
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Process created: unknown unknown
Source: C:\Windows\System32\cmd.exe Process created: C:\Windows\System32\cscript.exe cscript "C:\Program Files (x86)\Microsoft Office\Office16\ospp.vbs" /dstatus
Uses taskkill to terminate processes
Source: C:\Windows\SysWOW64\msiexec.exe Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "c:\program files (x86)\atera networks\ateraagent\ateraagent.exe" /i /integratorlogin="ilpilarsaomateus@gmail.com" /companyid="1" /integratorloginui="" /companyidui="" /folderid="" /accountid="001q300000lu4jqiaz" /agentid="66902f0e-5571-47c0-8de5-86038d3e7b35"
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "a7726a3f-8b3e-4e5c-93fd-b7293e973556" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "cd1ad75d-30e1-481a-b7d6-4d6b012e03f7" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "3f72da7d-d915-4f53-8bc1-de00eab8c542" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "db753a87-56d5-4df4-b088-df029e1319dc" agent-api.atera.com/production 443 or8ixli90mf "identified" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "b27bbec1-8375-4d6e-a646-54dd514ea664" agent-api.atera.com/production 443 or8ixli90mf "generalinfo fromgui" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagestremote\agentpackagestremote.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "25d94b19-dd8c-444e-8649-b75dcdab378e" agent-api.atera.com/production 443 or8ixli90mf "install eyjsbw1db2rlijoiafpdrezqaes3nw1kin0=" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagemonitoring\agentpackagemonitoring.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "cb18c271-196a-4aaf-9ea1-03326a248300" agent-api.atera.com/production 443 or8ixli90mf "syncprofile" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "62bbbd59-291d-44d5-8ada-88594b5f534e" agent-api.atera.com/production 443 or8ixli90mf "generalinfo" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageupgradeagent\agentpackageupgradeagent.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "153560a1-b70b-409f-affc-69982282c523" agent-api.atera.com/production 443 or8ixli90mf "checkforupdates" 001q300000lu4jqiaz
Source: C:\Windows\System32\msiexec.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "c:\program files (x86)\atera networks\ateraagent\ateraagent.exe" /i /integratorlogin="ilpilarsaomateus@gmail.com" /companyid="1" /integratorloginui="" /companyidui="" /folderid="" /accountid="001q300000lu4jqiaz" /agentid="66902f0e-5571-47c0-8de5-86038d3e7b35" Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "a7726a3f-8b3e-4e5c-93fd-b7293e973556" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "cd1ad75d-30e1-481a-b7d6-4d6b012e03f7" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "3f72da7d-d915-4f53-8bc1-de00eab8c542" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "db753a87-56d5-4df4-b088-df029e1319dc" agent-api.atera.com/production 443 or8ixli90mf "identified" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "b27bbec1-8375-4d6e-a646-54dd514ea664" agent-api.atera.com/production 443 or8ixli90mf "generalinfo fromgui" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagestremote\agentpackagestremote.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "25d94b19-dd8c-444e-8649-b75dcdab378e" agent-api.atera.com/production 443 or8ixli90mf "install eyjsbw1db2rlijoiafpdrezqaes3nw1kin0=" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackagemonitoring\agentpackagemonitoring.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "cb18c271-196a-4aaf-9ea1-03326a248300" agent-api.atera.com/production 443 or8ixli90mf "syncprofile" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "62bbbd59-291d-44d5-8ada-88594b5f534e" agent-api.atera.com/production 443 or8ixli90mf "generalinfo" 001q300000lu4jqiaz
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageupgradeagent\agentpackageupgradeagent.exe" 66902f0e-5571-47c0-8de5-86038d3e7b35 "153560a1-b70b-409f-affc-69982282c523" agent-api.atera.com/production 443 or8ixli90mf "checkforupdates" 001q300000lu4jqiaz
Contains functionality to query CPU information (cpuid)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0355739C cpuid 45_2_00007FFB0355739C
Queries the product ID of Windows
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion DigitalProductId
Queries the volume information (name, serial number etc) of a device
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\msiexec.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSIFBAD.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSIFBAD.tmp-\AlphaControlAgentInstallation.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI16A.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI16A.tmp-\AlphaControlAgentInstallation.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI16A.tmp-\Newtonsoft.Json.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C:\ VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C: VolumeInformation Jump to behavior
Source: C:\Windows\System32\svchost.exe Queries volume information: C: VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI14C4.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI14C4.tmp-\AlphaControlAgentInstallation.dll VolumeInformation Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI330F.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI330F.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Installer\MSI330F.tmp-\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\StructureMap.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\OpenHardwareMonitorLib.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Polly.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Threading.Tasks\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Threading.Tasks.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\NLog.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Collections\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Collections.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Linq\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Linq.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ValueTuple\v4.0_4.0.0.0__cc7b13ffcd2ddd51\System.ValueTuple.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\System.Data.SQLite.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Dapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.EnterpriseServices\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\Microsoft.Win32.TaskScheduler.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0355CC04 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter, 45_2_00007FFB0355CC04
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB035585D4 _lock,_get_daylight,_get_daylight,_get_daylight,___lc_codepage_func,free,_malloc_crt,_invoke_watson,free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson,_invoke_watson, 45_2_00007FFB035585D4
Source: C:\Windows\SysWOW64\rundll32.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings
barindex
Changes security center settings (notifications, updates, antivirus, firewall)
Source: C:\Windows\System32\svchost.exe Key value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Provider\Av\{D68DDC3A-831F-4fae-9E44-DA132C1ACF46} STATE Jump to behavior
AV process strings found (often used to terminate AV products)
Source: svchost.exe, 0000000A.00000002.2505955863.0000029515F02000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: gramFiles%\Windows Defender\MsMpeng.exe
Source: svchost.exe, 0000000A.00000002.2505955863.0000029515F02000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: %ProgramFiles%\Windows Defender\MsMpeng.exe
Adds / modifies Windows certificates
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Source: C:\Windows\System32\svchost.exe WMI Queries: IWbemServices::ExecNotificationQuery - ROOT\SecurityCenter : SELECT * FROM __InstanceOperationEvent WHERE TargetInstance ISA &apos;AntiVirusProduct&apos; OR TargetInstance ISA &apos;FirewallProduct&apos; OR TargetInstance ISA &apos;AntiSpywareProduct&apos;
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiVirusProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiSpywareProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from FirewallProduct
Source: C:\Program Files\Windows Defender\MpCmdRun.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Program Files\Windows Defender\MpCmdRun.exe WMI Queries: IWbemServices::CreateInstanceEnum - root\SecurityCenter2 : AntiVirusProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiVirusProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from AntiSpywareProduct
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select displayName,productState from FirewallProduct

Remote Access Functionality
barindex
Yara detected AteraAgent
Source: Yara match File source: 42.0.AgentPackageSTRemote.exe.1ee85030000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 28.2.AgentPackageAgentInformation.exe.1dd472c0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 45.0.AgentPackageMonitoring.exe.1d422770000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 53.0.AgentPackageUpgradeAgent.exe.1b35a970000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 45.2.AgentPackageMonitoring.exe.1d422c10000.1.unpack, type: UNPACKEDPE
Source: Yara match File source: 36.2.AteraAgent.exe.27d802998d8.0.raw.unpack, type: UNPACKEDPE
Source: Yara match File source: 20.0.AteraAgent.exe.282b3040000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 26.0.AgentPackageAgentInformation.exe.2069bbd0000.0.unpack, type: UNPACKEDPE
Source: Yara match File source: 00000024.00000002.2155555456.0000027DEC66C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80539000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2150679963.0000027DEC26C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1789224660.00000248AC190000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329E61000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000002.2168433819.000001EE85220000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1694634338.000001D422C70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1589816031.00007FFB23B20000.00000004.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2145707445.0000027DEB230000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1896332173.000002A342148000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000036.00000002.2046067313.000001F111BCB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1790807938.00000248ACBD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1802242322.00000248C5385000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000002.2202850018.000001EE9E2C8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2095306627.0000018792DEF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329C7F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D807EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.1468699862.0000000005234000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1694216775.000001D422C12000.00000002.00000001.01000000.0000001F.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2151925768.00007FFB23B20000.00000004.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1878116692.000002A329149000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1804019914.00000248C546E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1403578923.00000282B4E8A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1722197586.000001D43C915000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2095306627.00000187928C3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329FBD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1808201586.00007FFB23B20000.00000004.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A32A141000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1404747077.00000282CD823000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329F68000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1403578923.00000282B4E99000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2140880493.0000027DEB1A9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1403578923.00000282B4E5C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000035.00000002.2190568153.000001B35AEC5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1789224660.00000248AC215000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2085641808.000000BE3C134000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1592759090.00007FFB23B20000.00000004.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1571490470.000001DD473A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.1622260091.00000131ACD73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80299000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2122617084.00000187AB1C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1898386456.000002A3424DB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1877972695.000002A328FD0000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1789224660.00000248AC1D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1574235267.000002069C85F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1568260436.000002069BD9E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1569432210.000001DD470F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000002.1697045305.0000029025B50000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1736383824.00007FFB036E9000.00000004.00000001.01000000.0000001E.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1790807938.00000248ACC3F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80060000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000002.2168093156.000001EE851E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A32A00B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1560441536.000002069BD80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D806BB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2095306627.0000018792851000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2089271472.00000187920EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1790807938.00000248ACBCC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2140880493.0000027DEB15C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000035.00000000.1930927486.000001B35A972000.00000002.00000001.01000000.00000029.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1569432210.000001DD4710F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2150679963.0000027DEC291000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2158613123.0000027DEC6DB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000002.2171122634.000001EE852CA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.1327694824.0000000004844000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2155555456.0000027DEC632000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1790807938.00000248ACC3B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1898386456.000002A3424C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329C08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1697943618.000001D4232A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2089271472.000001879213A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000000D.00000003.1331654140.00000000041F4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1898386456.000002A34254E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1405879986.00007FFB0BB30000.00000004.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match File source: 00000036.00000002.2046286937.000001F111CC0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329DBE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1568260436.000002069BDC1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2095306627.0000018792897000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1571797704.000001DD479E3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329CF6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2087376733.000000BE3C335000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.1626578796.00007FFB23B20000.00000004.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000002.2169067788.000001EE8523E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1403578923.00000282B4F4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000002.1468699862.0000000005191000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D8033C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.1610900588.00000131AC42B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2170161544.00007FFB23B20000.00000004.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1790807938.00000248ACAA3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000035.00000002.2182180380.000000AC472F3000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329CE0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2140880493.0000027DEB128000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1569432210.000001DD47132000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1403578923.00000282B4E84000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2084967627.000000BE3B935000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.1622260091.00000131ACDBF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880039341.000002A329270000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.1585093238.000001851EE00000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329E4E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1403578923.00000282B4F02000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2087554285.000000BE3C435000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000035.00000002.2210125521.000001B373BC0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D804E5000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1404068454.00000282CD490000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000002.2169067788.000001EE852AC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2089271472.00000187920CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000035.00000002.2190884933.000001B35B4DB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D8035B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1722382611.000001D43C926000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1909211556.00007FFB23B20000.00000004.00000001.01000000.00000013.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80819000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1404420688.00000282CD5E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1789224660.00000248AC1CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1790807938.00000248ACC0C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1722155139.000001D43C717000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80545000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000035.00000002.2183736490.000001B35ABB1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1568260436.000002069BDCB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1898386456.000002A342563000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80102000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000000.1363107154.00000282B3042000.00000002.00000001.01000000.00000010.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329A41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1569432210.000001DD470F8000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.1590833917.000001851F683000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D802B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000002.2169067788.000001EE85260000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000002.1697255268.0000029025C50000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1800817334.00000248C52AD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000000.1610870120.000001EE85032000.00000002.00000001.01000000.0000001C.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.1590833917.000001851F601000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000000.1533103031.000002069BBD2000.00000002.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1571375000.000002069BFB0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000035.00000002.2190884933.000001B35B3D1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.1586780777.000001851EE68000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80321000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1403578923.00000282B4DD1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2158613123.0000027DEC69C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80724000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A32A0BA000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D803D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329E50000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1571157311.000001DD472C2000.00000002.00000001.01000000.0000001A.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000002.2174501497.000001EE85A08000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.1586780777.000001851EE60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1875929368.000000A728B85000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000035.00000002.2183736490.000001B35ABFD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2089271472.00000187920B0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1790376859.00000248AC490000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1403578923.00000282B4F36000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D804E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1402227067.00000282B316E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000002.1697045305.0000029025B5B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1722496320.000001D43CB6D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1402227067.00000282B30EC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.1610900588.00000131AC472000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A32A1A6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A32A19C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1790807938.00000248ACC86000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1403357661.00000282B33D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.1586780777.000001851EEE9000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2095306627.0000018792A26000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000035.00000002.2190884933.000001B35B261000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80232000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1569432210.000001DD47175000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1574235267.000002069C7E7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1403578923.00000282B4E59000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.1622260091.00000131ACD47000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000005.00000003.1267628350.00000000048F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000035.00000002.2189733854.000001B35AD40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.1610900588.00000131AC431000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1696952170.000001D423198000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329CD3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A32A04F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D805AD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1569432210.000001DD4712C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D8085E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1790807938.00000248ACA11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1697943618.000001D42338D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329DDF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1574235267.000002069C7A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000002.2199195531.000001EE9E228000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1790807938.00000248ACB73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000036.00000002.2046067313.000001F111BE3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2140880493.0000027DEB1C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1901343649.000002A34268D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1900170957.000002A3425F7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2147079923.0000027DEB400000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000003.1591953076.0000029025C70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2135255406.00000187AB3DD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D803EB000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1692653802.000001D422ACC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2095306627.0000018792DAD000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2088867970.0000018792070000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000029.00000002.1693658473.0000024616A80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D803D9000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D8058E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2127533637.00000187AB286000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1898386456.000002A342505000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1692653802.000001D422A40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D802FE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1896332173.000002A342100000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1402227067.00000282B3120000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329EA8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000035.00000002.2190884933.000001B35B377000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D8051E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A32A0BC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000002.2174501497.000001EE85991000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2155555456.0000027DEC64F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000000.1639820961.000001D422772000.00000002.00000001.01000000.0000001D.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1403578923.00000282B4F05000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2095306627.00000187928D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1692092530.000001D422860000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000036.00000002.2046067313.000001F111BC0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1692653802.000001D422A80000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1574235267.000002069C813000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.1618685636.00000131AC6E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80726000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2086154085.000000BE3C229000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1878116692.000002A329100000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1405442881.00007FFAAC7E4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.1622260091.00000131ACD01000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2155555456.0000027DEC617000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2089271472.0000018792193000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1878116692.000002A32913F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.1590833917.000001851F673000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80543000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2155555456.0000027DEC610000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1692653802.000001D422A4C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80560000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000035.00000002.2210125521.000001B373C55000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000036.00000003.2045113682.000001F111BE7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000003.1288418547.000000000464A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2140880493.0000027DEB120000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2095306627.0000018792E36000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A32A056000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1902010257.000002A342905000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000018.00000003.1408439085.0000000004EEA000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000036.00000003.1932548750.000001F111CE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000002.2199195531.000001EE9E222000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2079087323.000000BE3A0F5000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000027.00000002.1697045305.0000029025B74000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1403578923.00000282B4E82000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1692653802.000001D422A86000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329E0C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1404068454.00000282CD4D7000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D804D7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000008.00000002.1327694824.00000000047A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1898386456.000002A3424CE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000020.00000002.1586780777.000001851EE9D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1580440319.00000206B4E60000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D80353000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000039.00000002.2038115398.000002056C000000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329AAE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2088334568.0000027D803F0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1897843477.000002A3421CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.1610900588.00000131AC3F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1789224660.00000248AC1AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000033.00000002.2089271472.00000187920FC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000022.00000002.1789224660.00000248AC275000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1402227067.00000282B3184000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000014.00000002.1402227067.00000282B30E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1571797704.000001DD479D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000002.2174501497.000001EE85B96000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000035.00000002.2183736490.000001B35AB70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000024.00000002.2150679963.0000027DEC317000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002A.00000002.2174501497.000001EE85B0D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1880894733.000002A329F12000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1568260436.000002069BE0D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001E.00000002.1622260091.00000131ACD83000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001A.00000002.1574235267.000002069C823000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 00000015.00000002.1878116692.000002A32918E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000001C.00000002.1571797704.000001DD47961000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: 0000002D.00000002.1697943618.000001D423841000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match File source: Process Memory Space: rundll32.exe PID: 7132, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: rundll32.exe PID: 6328, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: rundll32.exe PID: 4300, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AteraAgent.exe PID: 2020, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AteraAgent.exe PID: 720, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: rundll32.exe PID: 1860, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 1920, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 1480, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 5572, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 3964, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 3260, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AteraAgent.exe PID: 1020, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: cmd.exe PID: 1464, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: cscript.exe PID: 2352, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AgentPackageSTRemote.exe PID: 6208, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AgentPackageMonitoring.exe PID: 1100, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 1340, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: AgentPackageUpgradeAgent.exe PID: 2864, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: cmd.exe PID: 4948, type: MEMORYSTR
Source: Yara match File source: Process Memory Space: cscript.exe PID: 5664, type: MEMORYSTR
Source: Yara match File source: C:\Windows\Temp\~DFF85B65DD083C28D1.TMP, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\Atera.AgentPackages.ModelsV3.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageUpgradeAgent\AgentPackageUpgradeAgent.exe, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF07D540AE027F4656.TMP, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMarketplace\Atera.AgentPackages.CommonLib.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageHeartbeat\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match File source: C:\Windows\Installer\MSI2F94.tmp, type: DROPPED
Source: Yara match File source: C:\Config.Msi\3dfa4b.rbs, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF27045DF9BB3D83EC.TMP, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF8CD3DD11D85A5C11.TMP, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\UserDetections.dll, type: DROPPED
Source: Yara match File source: C:\Windows\Installer\MSI4F07.tmp, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\TicketingPackageExtensions.dll, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF3748246E0295C8E7.TMP, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF9A8BC046147F428C.TMP, type: DROPPED
Source: Yara match File source: C:\Windows\Installer\MSI16A.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match File source: C:\Windows\Installer\MSI14C4.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match File source: C:\Windows\Installer\MSIFBAD.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSystemTools\AgentPackageSystemTools.exe, type: DROPPED
Source: Yara match File source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.CommonLib.dll, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF1E29FC9B342B27CE.TMP, type: DROPPED
Source: Yara match File source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF50AE555E1AE6C734.TMP, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\AteraSetupLog.txt, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\RestartReminder.exe, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.exe, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DFB1DAA7BE4628F397.TMP, type: DROPPED
Source: Yara match File source: C:\Windows\Installer\MSI18BD.tmp, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DFF55CA7399CFD76B7.TMP, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageTicketing\AgentPackageTicketing.exe, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF8D23518F04E02162.TMP, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF0BA98394DFBAFEC5.TMP, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageInternalPoller\AgentPackageInternalPoller.exe, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF4090650E6245C6F2.TMP, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF946B63CA5CEB85FD.TMP, type: DROPPED
Source: Yara match File source: C:\Config.Msi\3dfa46.rbs, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DFA7EEBB2557D24724.TMP, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\Atera.AgentPackages.ModelsV3.dll, type: DROPPED
Source: Yara match File source: C:\Config.Msi\3dfa53.rbs, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageSTRemote\AgentPackageSTRemote.exe, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF7EC49C7F7F89DD72.TMP, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF2A5BC4EA07A7A256.TMP, type: DROPPED
Source: Yara match File source: C:\Windows\Installer\MSI330F.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.exe, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageProgramManagement\AgentPackageProgramManagement.exe, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\ToBeRemoved\AteraAgent.InstallLog, type: DROPPED
Source: Yara match File source: C:\Windows\Temp\~DF566BF609044F45EB.TMP, type: DROPPED
Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageOsUpdates\AgentPackageOsUpdates.Common.dll, type: DROPPED
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageMonitoring\AgentPackageMonitoring.exe Code function: 45_2_00007FFB0359B9F0 GetModuleHandleW,OutputDebugStringA,GetProcAddress,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,GetModuleHandleW,OutputDebugStringA,GetLastError,GetProcAddress,OutputDebugStringA,OutputDebugStringA,CorBindToRuntimeEx,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,OutputDebugStringA,_snprintf,OutputDebugStringA, 45_2_00007FFB0359B9F0
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1520637 Sample: SecuriteInfo.com.Program.Re... Startdate: 27/09/2024 Architecture: WINDOWS Score: 100 145 Multi AV Scanner detection for dropped file 2->145 147 Yara detected AteraAgent 2->147 149 Queries sensitive sound device information (via WMI, Win32_SoundDevice, often done to detect virtual machines) 2->149 151 6 other signatures 2->151 8 AteraAgent.exe 2->8         started        13 msiexec.exe 173 118 2->13         started        15 AteraAgent.exe 2->15         started        17 11 other processes 2->17 process3 dnsIp4 135 20.37.139.187 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 8->135 89 C:\...\System.Management.dll, PE32 8->89 dropped 91 C:\...91ewtonsoft.Json.dll, PE32 8->91 dropped 93 C:\...\Microsoft.Win32.TaskScheduler.dll, PE32 8->93 dropped 101 176 other malicious files 8->101 dropped 159 Installs Task Scheduler Managed Wrapper 8->159 19 AgentPackageUpgradeAgent.exe 8->19         started        36 2 other processes 8->36 95 C:\Windows\Installer\MSIFBAD.tmp, PE32 13->95 dropped 97 C:\Windows\Installer\MSI57D5.tmp, PE32 13->97 dropped 99 C:\Windows\Installer\MSI330F.tmp, PE32 13->99 dropped 103 59 other files (50 malicious) 13->103 dropped 23 msiexec.exe 13->23         started        25 AteraAgent.exe 13->25         started        28 msiexec.exe 13->28         started        137 93.184.221.240 EDGECASTUS European Union 15->137 139 13.35.58.124 AMAZON-02US United States 15->139 143 2 other IPs or domains 15->143 105 31 other malicious files 15->105 dropped 161 Creates files in the system32 config directory 15->161 163 Reads the Security eventlog 15->163 165 Reads the System eventlog 15->165 30 AgentPackageSTRemote.exe 15->30         started        32 AgentPackageAgentInformation.exe 15->32         started        38 6 other processes 15->38 141 20.101.57.9 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 17->141 167 Query firmware table information (likely to detect VMs) 17->167 169 Changes security center settings (notifications, updates, antivirus, firewall) 17->169 34 MpCmdRun.exe 17->34         started        file5 signatures6 process7 dnsIp8 123 20.60.197.1 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 19->123 75 C:\...\System.ValueTuple.dll, PE32 19->75 dropped 77 C:\Program Files (x86)\...\Pubnub.dll, PE32 19->77 dropped 79 C:\...79ewtonsoft.Json.dll, PE32 19->79 dropped 87 4 other malicious files 19->87 dropped 40 conhost.exe 19->40         started        42 rundll32.exe 23->42         started        52 3 other processes 23->52 125 192.229.221.95 EDGECASTUS United States 25->125 127 2.19.126.163 AKAMAI-ASUS European Union 25->127 81 C:\Windows\System32\InstallUtil.InstallLog, Unicode 25->81 dropped 83 C:\...\AteraAgent.InstallLog, Unicode 25->83 dropped 153 Creates files in the system32 config directory 25->153 155 Reads the Security eventlog 25->155 157 Reads the System eventlog 25->157 55 2 other processes 28->55 129 35.71.184.3 MERIT-AS-14US United States 30->129 131 13.35.58.89 AMAZON-02US United States 30->131 85 C:\Windows\Temp\SplashtopStreamer.exe, PE32 30->85 dropped 46 conhost.exe 30->46         started        48 conhost.exe 32->48         started        50 conhost.exe 34->50         started        57 3 other processes 36->57 59 7 other processes 38->59 file9 signatures10 process11 dnsIp12 107 C:\Windows\Installer\...107ewtonsoft.Json.dll, PE32 42->107 dropped 109 C:\...\AlphaControlAgentInstallation.dll, PE32 42->109 dropped 111 C:\Windows\...\System.Management.dll, PE32 42->111 dropped 113 Microsoft.Deployme...indowsInstaller.dll, PE32 42->113 dropped 171 System process connects to network (likely due to code injection or exploit) 42->171 133 40.119.152.241 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 52->133 115 C:\Windows\Installer\...115ewtonsoft.Json.dll, PE32 52->115 dropped 117 C:\...\AlphaControlAgentInstallation.dll, PE32 52->117 dropped 119 C:\Windows\Installer\...119ewtonsoft.Json.dll, PE32 52->119 dropped 121 9 other files (3 malicious) 52->121 dropped 61 conhost.exe 55->61         started        63 net1.exe 55->63         started        65 conhost.exe 55->65         started        67 conhost.exe 57->67         started        69 cscript.exe 57->69         started        71 conhost.exe 59->71         started        73 cscript.exe 59->73         started        file13 signatures14 process15
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
40.119.152.241
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS true
93.184.221.240
 unknown European Union
15133 EDGECASTUS false
13.35.58.89
 unknown United States
16509 AMAZON-02US false
35.157.63.229
 unknown United States
16509 AMAZON-02US false
20.37.139.187
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
2.19.126.163
 unknown European Union
16625 AKAMAI-ASUS false
13.35.58.124
 unknown United States
16509 AMAZON-02US false
20.101.57.9
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false
35.71.184.3
 unknown United States
237 MERIT-AS-14US false
192.229.221.95
 unknown United States
15133 EDGECASTUS false
13.35.58.7
 unknown United States
16509 AMAZON-02US false
20.60.197.1
 unknown United States
8075 MICROSOFT-CORP-MSN-AS-BLOCKUS false