Windows Analysis Report
9rSeCZbjZE.msi

AV Detection

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

ReversingLabs: Detection: 26%

Source: 9rSeCZbjZE.msi

ReversingLabs: Detection: 26%

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.2% probability

Compliance

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog			Jump to behavior

Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.58.104:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.58.104:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49872 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49905 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49934 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49946 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49942 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49943 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49971 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49988 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49992 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50001 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50010 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50015 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50031 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50037 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50048 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50067 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50070 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50110 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50113 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50131 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50129 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50136 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50139 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50142 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50145 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50146 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50176 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50192 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50191 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50205 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50222 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50234 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50248 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50249 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50255 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50261 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50268 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50275 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50278 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50290 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50298 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50329 version: TLS 1.2

Source:	Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdbenSC source: rundll32.exe, 00000005.00000002.2197833855.0000000007100000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2196071130.0000000002A09000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195673574.0000000002A08000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2320385301.0000000002E67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000F.00000000.2228891996.00000227F6792000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.2.dr
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbi]M source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l\System.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000018.00000002.2439909255.00000232D78B2000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.16.dr
Source:	Binary string: \??\C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdbrePerm source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbS* source: rundll32.exe, 00000013.00000002.2320385301.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.PDB source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb0 source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nC:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2195934236.00000000025D7000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdb'( source: rundll32.exe, 00000005.00000002.2197833855.00000000070F2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.2.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000F.00000000.2228891996.00000227F6792000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.2.dr
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.2.dr
Source:	Binary string: \??\C:\Windows\System.pdb?+2 source: rundll32.exe, 00000005.00000002.2197833855.00000000070F2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.pdbpdbtem.pdb| source: rundll32.exe, 00000005.00000003.2195627530.0000000007105000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 00000010.00000002.4598030984.0000029AA9152000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.dr
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 00000010.00000002.4598030984.0000029AA9152000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4594298646.0000029AA8B52000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000000.2414703923.000002CDA0242000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.16.dr
Source:	Binary string: nC:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000013.00000002.2320072167.0000000002937000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A09000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195627530.0000000007105000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195673574.0000000002A08000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.8.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.19.dr, AlphaControlAgentInstallation.dll.4.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb3Z source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: HP~n\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2195934236.00000000025D7000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2320072167.0000000002937000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000018.00000002.2440880883.00000232F0662000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.16.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4594298646.0000029AA8B52000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440880883.00000232F0662000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.2.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdbJ source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: 9rSeCZbjZE.msi, 6788d4.msi.2.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, MSIA873.tmp.2.dr
Source:	Binary string: \??\C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.PDBV source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
Source:	Binary string: \??\C:\Windows\System.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.pdbc source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000018.00000002.2439909255.00000232D78B2000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.16.dr
Source:	Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdbEER? source: rundll32.exe, 00000005.00000002.2197833855.0000000007100000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\AlphaControlAgentInstallation.pdbpdbion.pdb> source: rundll32.exe, 00000013.00000002.2320385301.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2320385301.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000F.00000002.2262252437.00000227F86B2000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.2.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000F.00000002.2262252437.00000227F86B2000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.2.dr
Source:	Binary string: l\System.pdba.co source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: 9rSeCZbjZE.msi, MSIA257.tmp.2.dr, MSIBFA8.tmp.2.dr, 6788d4.msi.2.dr, MSI90F1.tmp.2.dr, 6788d2.msi.2.dr, MSI8AD6.tmp.2.dr
Source:	Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.2.dr

Spreading

Source: C:\Windows\System32\msiexec.exe	File opened: z:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: x:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: v:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: t:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: r:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: p:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: n:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: l:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: j:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: h:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: f:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: b:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: y:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: w:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: u:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: s:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: q:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: o:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: m:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: k:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: i:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: g:			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File opened: e:			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File opened: c:
Source: C:\Windows\System32\msiexec.exe	File opened: a:			Jump to behavior

Software Vulnerabilities

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD34121873h		15_2_00007FFD3412172D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD34121FFFh		15_2_00007FFD34121FAC
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD3414B982h		16_2_00007FFD3414B72E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD34134ECBh		16_2_00007FFD34134CB7
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD34134ECBh		16_2_00007FFD34134DCE
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD34131FFFh		16_2_00007FFD34131EB6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD3414B982h		16_2_00007FFD3414B92F
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD34131873h		16_2_00007FFD34130C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD34131A44h		16_2_00007FFD34130C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD34131FFFh		16_2_00007FFD34130C58
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 4x nop then jmp 00007FFD3413227Bh		16_2_00007FFD34130C58

Networking

Source: Yara match	File source: 22.0.AgentPackageAgentInformation.exe.2cda0240000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED

Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f36f539c-eb12-4043-bfe7-1d97ad63c39f&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=aba03e32-f581-41ec-8949-2ce94c13458d&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=00b247cc-4cad-4ea9-8d05-ff45cdabe262&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=380907e5-e0c8-46fb-b9fe-40434342a790&tr=43&tt=17278894987677237&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation.zip?YogP9MrjNBNw2GANg1/E2mNsxFRMZBpkwPo+uNw+rhA/Nn2PbobOffT76+uvaJwT HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d393e12b-59f9-4e9a-bc9e-906a9df5d4e6&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=6d801375-a995-437f-bb39-2b768a2ffc35&tr=43&tt=17278895004778637&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52c8216d-05cf-454c-a953-97630402804f&tr=43&tt=17278895006475514&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ea22bbfe-080d-4cf3-a894-9d96c46b6665&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation.zip?YogP9MrjNBNw2GANg1/E2mNsxFRMZBpkwPo+uNw+rhA/Nn2PbobOffT76+uvaJwT HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=1a4a5d4f-5b09-4fad-801d-892636c9dc6a&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c5ea83a9-6787-461b-8a54-7de49826b09e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=db56a22c-5f27-4d90-bb5f-c1c03b70a2f0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c3db43af-b183-4a52-8bab-34b9b35414fc&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9cb48613-11df-4d8d-bc5c-fa5e5ab558d5&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e6d10987-75b3-41c1-a771-6d1daf1f7e97&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=bf8cfa76-7e1e-40bc-8430-cbc98e2b9cf4&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=74bc8fec-f7c7-42f9-bbb5-52fc69f7a991&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=bca747a8-f8aa-4561-b240-83faa7e7e63d&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6728aeeb-ea10-4200-b8f3-dc55e64f1910&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=396ed718-c52f-4436-be61-3047cc7c4a72&tr=42&tt=17278895704154400&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=851fda1c-40e7-4860-a1ac-7bad32d44904&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=4f87737f-1b62-4af8-b79d-0d83dea7e1ad&tr=42&tt=17278895727657695&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d5643216-616f-4378-8575-222d8fa4f458&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8a4128bc-8a19-4909-a1e6-b35d010bab34&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0b04195d-e261-4ae6-9124-2e9ef139c80e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=16f10dd5-c904-4ca2-9553-772cf48281d3&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8ad3dbb8-dc1b-4e34-9cfd-9bde8068a524&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=bb15c2cd-6944-449d-a45c-725c69499a75&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52378df9-3005-41cc-99a3-005f1aea746b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0e034632-921f-4c18-8631-e930e7781cdd&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f72e8789-8756-4d61-b645-903501079ede&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=82e1c4c5-92aa-4a47-9b1c-e11c9784fe8f&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=efbebcfb-7bb3-43e2-b11d-755acc1cb2ea&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=008faf90-ab1c-4899-89f6-2dbcd7a42fd9&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=ca02cb15-9afc-4f4c-87ba-02c0d5b8b22e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=79289950-7a17-428a-947f-ec76be2af615&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7550efe2-9858-4f29-a8d7-d203f10abde8&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a8e97ced-6d99-4374-ba29-94890053de07&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=00b37824-93b6-4d7a-b2dc-353b2c5821b2&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fe9a9b1c-a39b-458e-8a93-5d2da71a97cf&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=1d9a933c-b5be-47b9-a98d-bd9c82ae0d0b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3676162b-6928-4fd8-b93b-5b9fd57a4bc9&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=14dba20c-b22d-4871-8f59-85d736c9c8d6&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f1324944-3eb5-4603-b606-61bac33d279e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c36b9e71-cfbf-49fb-af12-137d82096f5b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=249c43d7-88d8-467f-9b13-1cfc96512eed&tr=42&tt=17278895941555670&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f8bbbde1-132d-4c8b-a3f7-92801d85c6f6&tr=42&tt=17278895971611335&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fa8df594-b53d-487d-a304-ba12fa5b05b3&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e051bd32-0461-46bc-8f46-18bc35b67f58&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5d17a2da-332b-4264-ba43-80ed873a75d5&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d54a26d4-9bd6-42e4-80a6-a4a4e3ba5c02&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=526a1f2f-a5ab-4bde-a18e-298b4847f820&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f2d6a2a-9340-4424-a547-559400fd8463&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8afe7cc-9cec-4ac9-a211-a601f770ea27&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0b7b885a-94d1-4d36-95b0-fc7e6fc59620&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=cf3cae32-92fb-4e81-9496-f8af61b2fa4a&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8e131c63-2299-4880-a366-a776a97dd0d3&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=51f162c7-d222-4991-a832-8f92cc099f2b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e081e7e0-a9d2-4109-9370-9c9c176afebd&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9971de24-c245-46f4-9d3f-d02f38f0d7af&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=587dc040-7dcb-4e3f-a1ce-624d9532bced&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0057edd1-fdd5-48b9-8810-4c380add5c94&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d861a120-c366-48a0-bdd6-393525d9ab24&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fe4dc753-76d3-47b1-b870-ca18c7257e67&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5c45c37a-efc4-492f-83b1-e18abf8aff03&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f2d0a29d-70d7-43cd-8021-6401d6433d4a&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=33567a39-1018-4253-b589-cca2355f89b1&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=2e5bb07e-44ac-4f12-8635-048ca789db44&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=41fc8591-dd69-4f5b-a48c-932e4462c851&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=12b69d45-e208-429e-a1ba-7a4685b8d33f&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=165e6729-6dc8-407f-96f8-476143fe89f4&tr=42&tt=17278896083339846&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f1517159-0a09-4cba-8a1d-213d326612aa&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cd5dc503-93f3-49c6-a09d-9a7cb6289240&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e5a45665-f96e-48ac-9e65-cc9a23f1c43b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7d1d3776-a9ff-4157-bb82-b018697910e8&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=61259368-8a2d-4297-b191-f4a387ad4f8f&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4f5157e7-f4c6-446f-92dd-afae16e89968&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8180b6be-ed13-47f3-8b34-1428ceb5eb37&tr=42&tt=17278896083339846&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com

Source: Joe Sandbox View	IP Address: 35.157.63.228 35.157.63.228
Source: Joe Sandbox View	IP Address: 35.157.63.229 35.157.63.229
Source: Joe Sandbox View	IP Address: 13.35.58.104 13.35.58.104

Source: Joe Sandbox View

JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e

Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49732 -> 35.157.63.229:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49737 -> 35.157.63.229:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49729 -> 35.157.63.229:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49747 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49773 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49753 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49765 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49801 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49807 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49781 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49854 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49863 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49786 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49816 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49901 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49923 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49843 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49932 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49943 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49757 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49965 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49872 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49828 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49879 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50328 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50322 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:50325 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49893 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49908 -> 35.157.63.228:443
Source: Network traffic	Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49953 -> 35.157.63.228:443

Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f36f539c-eb12-4043-bfe7-1d97ad63c39f&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=aba03e32-f581-41ec-8949-2ce94c13458d&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=00b247cc-4cad-4ea9-8d05-ff45cdabe262&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=380907e5-e0c8-46fb-b9fe-40434342a790&tr=43&tt=17278894987677237&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation.zip?YogP9MrjNBNw2GANg1/E2mNsxFRMZBpkwPo+uNw+rhA/Nn2PbobOffT76+uvaJwT HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d393e12b-59f9-4e9a-bc9e-906a9df5d4e6&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=6d801375-a995-437f-bb39-2b768a2ffc35&tr=43&tt=17278895004778637&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52c8216d-05cf-454c-a953-97630402804f&tr=43&tt=17278895006475514&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ea22bbfe-080d-4cf3-a894-9d96c46b6665&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation.zip?YogP9MrjNBNw2GANg1/E2mNsxFRMZBpkwPo+uNw+rhA/Nn2PbobOffT76+uvaJwT HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=1a4a5d4f-5b09-4fad-801d-892636c9dc6a&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c5ea83a9-6787-461b-8a54-7de49826b09e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=db56a22c-5f27-4d90-bb5f-c1c03b70a2f0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c3db43af-b183-4a52-8bab-34b9b35414fc&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9cb48613-11df-4d8d-bc5c-fa5e5ab558d5&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e6d10987-75b3-41c1-a771-6d1daf1f7e97&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=bf8cfa76-7e1e-40bc-8430-cbc98e2b9cf4&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=74bc8fec-f7c7-42f9-bbb5-52fc69f7a991&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=bca747a8-f8aa-4561-b240-83faa7e7e63d&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6728aeeb-ea10-4200-b8f3-dc55e64f1910&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=396ed718-c52f-4436-be61-3047cc7c4a72&tr=42&tt=17278895704154400&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=851fda1c-40e7-4860-a1ac-7bad32d44904&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=4f87737f-1b62-4af8-b79d-0d83dea7e1ad&tr=42&tt=17278895727657695&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d5643216-616f-4378-8575-222d8fa4f458&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8a4128bc-8a19-4909-a1e6-b35d010bab34&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0b04195d-e261-4ae6-9124-2e9ef139c80e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=16f10dd5-c904-4ca2-9553-772cf48281d3&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8ad3dbb8-dc1b-4e34-9cfd-9bde8068a524&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=bb15c2cd-6944-449d-a45c-725c69499a75&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52378df9-3005-41cc-99a3-005f1aea746b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0e034632-921f-4c18-8631-e930e7781cdd&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f72e8789-8756-4d61-b645-903501079ede&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=82e1c4c5-92aa-4a47-9b1c-e11c9784fe8f&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=efbebcfb-7bb3-43e2-b11d-755acc1cb2ea&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=008faf90-ab1c-4899-89f6-2dbcd7a42fd9&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=ca02cb15-9afc-4f4c-87ba-02c0d5b8b22e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=79289950-7a17-428a-947f-ec76be2af615&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7550efe2-9858-4f29-a8d7-d203f10abde8&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a8e97ced-6d99-4374-ba29-94890053de07&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=00b37824-93b6-4d7a-b2dc-353b2c5821b2&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fe9a9b1c-a39b-458e-8a93-5d2da71a97cf&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=1d9a933c-b5be-47b9-a98d-bd9c82ae0d0b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3676162b-6928-4fd8-b93b-5b9fd57a4bc9&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=14dba20c-b22d-4871-8f59-85d736c9c8d6&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f1324944-3eb5-4603-b606-61bac33d279e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c36b9e71-cfbf-49fb-af12-137d82096f5b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=249c43d7-88d8-467f-9b13-1cfc96512eed&tr=42&tt=17278895941555670&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f8bbbde1-132d-4c8b-a3f7-92801d85c6f6&tr=42&tt=17278895971611335&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fa8df594-b53d-487d-a304-ba12fa5b05b3&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e051bd32-0461-46bc-8f46-18bc35b67f58&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5d17a2da-332b-4264-ba43-80ed873a75d5&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d54a26d4-9bd6-42e4-80a6-a4a4e3ba5c02&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=526a1f2f-a5ab-4bde-a18e-298b4847f820&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f2d6a2a-9340-4424-a547-559400fd8463&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8afe7cc-9cec-4ac9-a211-a601f770ea27&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0b7b885a-94d1-4d36-95b0-fc7e6fc59620&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=cf3cae32-92fb-4e81-9496-f8af61b2fa4a&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8e131c63-2299-4880-a366-a776a97dd0d3&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=51f162c7-d222-4991-a832-8f92cc099f2b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e081e7e0-a9d2-4109-9370-9c9c176afebd&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9971de24-c245-46f4-9d3f-d02f38f0d7af&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=587dc040-7dcb-4e3f-a1ce-624d9532bced&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0057edd1-fdd5-48b9-8810-4c380add5c94&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d861a120-c366-48a0-bdd6-393525d9ab24&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fe4dc753-76d3-47b1-b870-ca18c7257e67&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5c45c37a-efc4-492f-83b1-e18abf8aff03&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f2d0a29d-70d7-43cd-8021-6401d6433d4a&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=33567a39-1018-4253-b589-cca2355f89b1&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=2e5bb07e-44ac-4f12-8635-048ca789db44&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=41fc8591-dd69-4f5b-a48c-932e4462c851&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=12b69d45-e208-429e-a1ba-7a4685b8d33f&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=165e6729-6dc8-407f-96f8-476143fe89f4&tr=42&tt=17278896083339846&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f1517159-0a09-4cba-8a1d-213d326612aa&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cd5dc503-93f3-49c6-a09d-9a7cb6289240&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e5a45665-f96e-48ac-9e65-cc9a23f1c43b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7d1d3776-a9ff-4157-bb82-b018697910e8&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=61259368-8a2d-4297-b191-f4a387ad4f8f&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4f5157e7-f4c6-446f-92dd-afae16e89968&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
Source: global traffic	HTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8180b6be-ed13-47f3-8b34-1428ceb5eb37&tr=42&tt=17278896083339846&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com

Source: global traffic	DNS traffic detected: DNS query: agent-api.atera.com
Source: global traffic	DNS traffic detected: DNS query: ps.pndsn.com
Source: global traffic	DNS traffic detected: DNS query: ps.atera.com

Source: AteraAgent.exe, 0000000F.00000000.2228891996.00000227F6792000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A901B1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe.2.dr	String found in binary or memory: http://acontrol.atera.com/
Source: rundll32.exe, 00000005.00000002.2196990122.00000000047A5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9084D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AE5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D9F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D801F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39C5F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1927F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.000002908012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D0012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F0012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2780F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://agent-api.atera.com
Source: rundll32.exe, 00000005.00000002.2196990122.00000000047A5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9084D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AE5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D9F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D801F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39C5F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1927F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.000002908012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D0012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F0012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2780F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
Source: AgentPackageAgentInformation.exe, 00000016.00000002.2441265655.000002CDB9529000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.F
Source: AteraAgent.exe, 0000000F.00000002.2270413033.00000227F901D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://cacerts.digicert.com/
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, AgentPackageAgentInformation.exe.16.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.8.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.16.dr, AteraAgent.exe.2.dr, 6788d2.msi.2.dr, BouncyCastle.Crypto.dll.2.dr, Newtonsoft.Json.dll.19.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertCSRSA4096RootG5.crt0E
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
Source: C56C4404C4DEF0DC88E5FCD9F09CB2F10.16.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2270413033.00000227F901D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8DE2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4593698303.0000029AA8B11000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8A50000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, AgentPackageAgentInformation.exe.16.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.2.dr, Atera.AgentPackage.Common.dll.16.dr, AteraAgent.exe.2.dr, 6788d2.msi.2.dr, BouncyCastle.Crypto.dll.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crt0
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4597251992.0000029AA8E91000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, AgentPackageAgentInformation.exe.16.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.8.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.16.dr, AteraAgent.exe.2.dr, 6788d2.msi.2.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: F2E248BEDDBB2D85122423C41028BFD40.16.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8A50000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2441265655.000002CDB9513000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2441265655.000002CDB9529000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2441336771.00000232F0858000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2441336771.00000232F0894000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3086206858.0000013A523B4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3086206858.0000013A52359000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3088662960.000001BC31AC0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3354507782.00000290FCA31000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3437826124.0000024D757A5000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3541368660.0000018F7F992000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3541368660.0000018F7F942000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3628398642.000001EF27671000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3628398642.000001EF2765F000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr	String found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA2.crt0
Source: AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E2C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.m5
Source: AgentPackageAgentInformation.exe, 0000001D.00000002.3088662960.000001BC31AEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.micros
Source: AgentPackageAgentInformation.exe, 00000023.00000002.3541368660.0000018F7F9AA000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.microsoft
Source: AteraAgent.exe, 0000000F.00000002.2260756977.00000227F6A6F000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2261733675.00000227F866C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, AgentPackageAgentInformation.exe.16.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.8.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.16.dr, AteraAgent.exe.2.dr, 6788d2.msi.2.dr, BouncyCastle.Crypto.dll.2.dr, Newtonsoft.Json.dll.19.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertCSRSA4096RootG5.crl0
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
Source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8A50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl.dllNU
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2270413033.00000227F901D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8DE2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4593698303.0000029AA8B11000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8A50000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, AgentPackageAgentInformation.exe.16.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.2.dr, Atera.AgentPackage.Common.dll.16.dr, AteraAgent.exe.2.dr, 6788d2.msi.2.dr, BouncyCastle.Crypto.dll.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0S
Source: AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8DE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlM
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4597251992.0000029AA8E91000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, AgentPackageAgentInformation.exe.16.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.8.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.16.dr, AteraAgent.exe.2.dr, 6788d2.msi.2.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl
Source: BouncyCastle.Crypto.dll.2.dr, Newtonsoft.Json.dll.19.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crlL
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr	String found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0F
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F8641000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl3.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl8
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F866C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: AteraAgent.exe, 0000000F.00000002.2270413033.00000227F8FE0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2261733675.00000227F86A6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2261733675.00000227F866C000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8DE2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8A50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2270413033.00000227F901D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8DE2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4593698303.0000029AA8B11000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8A50000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, AgentPackageAgentInformation.exe.16.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.2.dr, Atera.AgentPackage.Common.dll.16.dr, AteraAgent.exe.2.dr, 6788d2.msi.2.dr, BouncyCastle.Crypto.dll.2.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crl0
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F86A6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crle
Source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8A50000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crli
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr	String found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA2.crl0=
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
Source: AteraAgent.exe, 0000000F.00000002.2270413033.00000227F9017000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl4.digicert.com:80/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.crlJ
Source: AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8DE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/
Source: AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8DE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?fb5fbb6
Source: AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8DE2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/rue)
Source: AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E42000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000000.2414703923.000002CDA0242000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.16.dr	String found in binary or memory: http://dl.google.com/googletalk/googletalk-setup.exe
Source: Newtonsoft.Json.dll.19.dr	String found in binary or memory: http://james.newtonking.com/projects/json
Source: AgentPackageAgentInformation.exe, 0000001D.00000002.3088662960.000001BC31AEE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://microsoft.cot
Source: AteraAgent.exe, 0000000F.00000002.2260756977.00000227F6A6F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2261733675.00000227F86A6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2261733675.00000227F8641000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8A50000.00000004.00000020.00020000.00000000.sdmp, 8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A9440.15.dr	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSRXerF0eFeSWRripTgTkcJWMm7iQQUaDfg67Y7%2BF8Rh
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp, 698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB0.15.dr	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBT3xL4LQLXDRDM9P665TW442vrsUQQUReuir%2FSSy4IxL
Source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4597251992.0000029AA8F4D000.00000004.00000020.00020000.00000000.sdmp, C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F1410.15.dr	String found in binary or memory: http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfIs%2BLjDtGwQ09XEB1Yeq%2BtX%2BBgQQU7NfjgtJxX
Source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.com/l
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2270413033.00000227F901D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8DE2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4593698303.0000029AA8B11000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8A50000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, AgentPackageAgentInformation.exe.16.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.2.dr, Atera.AgentPackage.Common.dll.16.dr, AteraAgent.exe.2.dr, 6788d2.msi.2.dr, BouncyCastle.Crypto.dll.2.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8A50000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2441265655.000002CDB9513000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2441265655.000002CDB9529000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2441336771.00000232F0858000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2441336771.00000232F0894000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3086206858.0000013A523B4000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3086206858.0000013A52359000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3088662960.000001BC31AC0000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3354507782.00000290FCA31000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3437826124.0000024D757A5000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3541368660.0000018F7F992000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3541368660.0000018F7F942000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3628398642.000001EF27671000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3628398642.000001EF2765F000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi	String found in binary or memory: http://ocsp.digicert.com0A
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, AgentPackageAgentInformation.exe.16.dr, Microsoft.Deployment.WindowsInstaller.dll.4.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.8.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.16.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, AteraAgent.exe.2.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://ocsp.digicert.com0K
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Newtonsoft.Json.dll.8.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, Newtonsoft.Json.dll.19.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://ocsp.digicert.com0O
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4597251992.0000029AA8E91000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, AgentPackageAgentInformation.exe.16.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.8.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.16.dr, AteraAgent.exe.2.dr, 6788d2.msi.2.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F862D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crlG
Source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
Source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl%
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F862D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl9
Source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crli
Source: AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org
Source: AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/
Source: AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
Source: rundll32.exe, 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A901B1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D2F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D7F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39BEF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.00000290800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2779F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: http://wixtoolset.org
Source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr	String found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
Source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr	String found in binary or memory: http://wixtoolset.org/news/
Source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr	String found in binary or memory: http://wixtoolset.org/releases/
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2270413033.00000227F901D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8DE2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4593698303.0000029AA8B11000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8A50000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, AgentPackageAgentInformation.exe.16.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.8.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.o
Source: AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: http://www.w3.oh
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.P
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.PhL
Source: rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.aterD
Source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A901B1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D2F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D7F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39BEF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.00000290800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2779F000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.8.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.19.dr, AlphaControlAgentInstallation.dll.4.dr	String found in binary or memory: https://agent-api.atera.com
Source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.8.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.19.dr, AlphaControlAgentInstallation.dll.4.dr	String found in binary or memory: https://agent-api.atera.com/
Source: AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D2F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D7F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39BEF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.00000290800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2779F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent
Source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.8.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.19.dr, AlphaControlAgentInstallation.dll.4.dr	String found in binary or memory: https://agent-api.atera.com/Production/Agent/
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/Age
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90367000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90833000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting)
Source: AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D2F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D7F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39BEF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.00000290800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2779F000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResult
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9039A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B25000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands)
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90367000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands0
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90367000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback0
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback2
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallbackp
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A901B1000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages.ection
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages.lationship
Source: rundll32.exe, 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4594298646.0000029AA8B52000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440880883.00000232F0662000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr	String found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
Source: System.ValueTuple.dll.2.dr	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
Source: System.ValueTuple.dll.2.dr	String found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
Source: AteraAgent.exe, 00000010.00000002.4598030984.0000029AA9152000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.dr	String found in binary or memory: https://github.com/icsharpcode/SharpZipLib
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9029E000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90357000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90275000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgentI
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903EE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.16/Agent.Package.Availability.zip
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903E2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903EE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9031F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageNetworkDiscovery/13.0/AgentPackageNetworkDiscovery
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903E2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903E2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageTaskScheduler/13.0/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903EE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.z
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903E2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903EE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9031F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageAgentInformation/37.9/AgentPackageAgentInformati
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscove
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903E2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageRuntimeInstaller/1.6/AgentPackageRuntimeInstalle
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903E2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903EE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zip
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903E2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.IotPoc/13.0/Agent.Package.IotPoc.zip
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903EE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zip
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90357000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90275000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9035B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9031F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageAgentInformation/22.7/AgentPackageAgentInformation
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A903EE000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageHeartbeat/16.9
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903E2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageRuntimeInstaller/13.0/AgentPackageRuntimeInstaller
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903E2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.atera.com/agentpackageswin/AgentPackageTaskScheduler/13.1/AgentPackageTaskScheduler.zip
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.co
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9021A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=05f81208-6e8b-4d63-ad3d-db3fdf77ee8e
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=08b51ed0-2f58-4675-b289-2b6f9275c37c
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90367000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f2d6a2a-9340-4424-a547-559400fd8463
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=12b69d45-e208-429e-a1ba-7a4685b8d33f
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=17243d50-1dca-4ab3-8ffd-cdd1f9da06cf
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4ee16bff-5410-41d1-916b-4d0016819a50
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=51f162c7-d222-4991-a832-8f92cc099f2b
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=68d2cd14-add9-4c6c-a93e-77e26890884e
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=78a683fe-d9e2-4a77-b254-ef31610e8e8a
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=79393e20-2c61-46ac-ae9a-25b77ed36f5f
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8370432f-ad78-46cb-91a9-bb6b24dcdf0f
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8e131c63-2299-4880-a366-a776a97dd0d3
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9021A000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=aba03e32-f581-41ec-8949-2ce94c13458d
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d5643216-616f-4378-8575-222d8fa4f458
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d5a52dd9-092a-47a9-965a-6b556c722544
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e617c77f-7e15-4b94-aa83-1b1744a880da
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e72fe1fd-d99c-400f-8cf3-5c7c15cf01f0
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ed7663bf-07a2-49d1-aec8-1bf5757e5d78
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78
Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://ps.pndsn.com/v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr	String found in binary or memory: https://www.newtonsoft.com/json
Source: Newtonsoft.Json.dll.19.dr	String found in binary or memory: https://www.newtonsoft.com/jsonschema
Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4594298646.0000029AA8B52000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440880883.00000232F0662000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr	String found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49983
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50131 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50154 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50211 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50234 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 50085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49971
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50325 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49943 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49965
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49962
Source: unknown	Network traffic detected: HTTP traffic on port 50015 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50028 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50269 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 50326 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49955
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 50142 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49955 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 50210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49948
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49946
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49943
Source: unknown	Network traffic detected: HTTP traffic on port 50061 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50221 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50155 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50176 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49883
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49873
Source: unknown	Network traffic detected: HTTP traffic on port 49923 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50302 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50199 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50216
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50215
Source: unknown	Network traffic detected: HTTP traffic on port 50254 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50139 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50151 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50210
Source: unknown	Network traffic detected: HTTP traffic on port 50059 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50211
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50214
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50328 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50221
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50222
Source: unknown	Network traffic detected: HTTP traffic on port 50289 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50162 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50230
Source: unknown	Network traffic detected: HTTP traffic on port 49918 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49873 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50113
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50234
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50233
Source: unknown	Network traffic detected: HTTP traffic on port 50001 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50175 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50037 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50249
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50006
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50248
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 50255 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 50093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50001
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49941 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50306 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49965 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49942 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50306
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50278 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50070 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50302
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50233 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50316
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50318
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50311
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50312
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49883 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50205
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50326
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50325
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50207
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50329
Source: unknown	Network traffic detected: HTTP traffic on port 50316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50322
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50290 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50185 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50175
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50298
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50176
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50179
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50299
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50180
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50061
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50063
Source: unknown	Network traffic detected: HTTP traffic on port 50102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50010 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50274 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50185
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown	Network traffic detected: HTTP traffic on port 50113 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50205 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50216 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50191
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50192
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50275 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50078
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50199
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50198
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50089
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50136 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50139
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50149 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50131
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50254
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50135
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50255
Source: unknown	Network traffic detected: HTTP traffic on port 50078 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50136
Source: unknown	Network traffic detected: HTTP traffic on port 50161 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50261
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50260
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50215 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50230 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50149
Source: unknown	Network traffic detected: HTTP traffic on port 50299 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50142
Source: unknown	Network traffic detected: HTTP traffic on port 50318 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50269
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50268
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50151
Source: unknown	Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49905 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50329 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50298 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50274
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50155
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50154
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50275
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50278
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50037
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50158
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50162
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50283
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50161
Source: unknown	Network traffic detected: HTTP traffic on port 50089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50043
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50284
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50289
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50290
Source: unknown	Network traffic detected: HTTP traffic on port 49962 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50311 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50283 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50180 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50043 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50249 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50192 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50207 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49942
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49941
Source: unknown	Network traffic detected: HTTP traffic on port 50296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50158 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50135 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50261 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50063 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50191 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50019 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50179 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50322 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49905
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900

Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.6:49722 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.229:443 -> 192.168.2.6:49724 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.58.104:443 -> 192.168.2.6:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 13.35.58.104:443 -> 192.168.2.6:49739 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49752 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49760 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49764 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49767 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49765 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49781 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49780 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49783 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49784 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49785 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49786 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49791 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49792 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49797 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49801 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49810 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49811 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49815 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49827 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49828 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49841 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49843 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49863 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49862 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49872 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49873 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49871 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49876 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49879 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49883 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49889 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49893 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49894 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49895 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49901 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49900 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49905 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49909 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49908 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49924 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49923 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49927 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49934 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49946 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49942 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49943 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49971 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49983 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49988 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:49992 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50001 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50006 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50010 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50015 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50019 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50023 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50028 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50031 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50037 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50041 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50043 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50046 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50048 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50051 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50054 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50059 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50061 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50063 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50067 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50070 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50075 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50078 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50085 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50089 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50093 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50096 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50099 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50102 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50107 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50110 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50113 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50117 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50120 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50123 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50131 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50129 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50135 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50136 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50139 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50142 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50145 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50146 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50149 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50151 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50155 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50154 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50158 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50161 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50162 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50175 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50176 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50179 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50180 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50185 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50192 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50191 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50199 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50207 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50205 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50211 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50215 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50216 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50221 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50222 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50230 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50233 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50234 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50248 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50249 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50254 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50255 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50261 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50268 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50269 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50275 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50274 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50278 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50283 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50289 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50290 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50298 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50299 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50302 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50306 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50311 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50318 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50322 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50329 version: TLS 1.2

E-Banking Fraud

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1			Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944			Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141			Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4			Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\System32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB			Jump to dropped file

Spam, unwanted Advertisements and Ransom Demands

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AteraAgent			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AlphaAgent
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AlphaAgent

System Summary

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Process Stats: CPU usage > 49%

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6788d2.msi			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8AD6.tmp			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI90F1.tmp			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA257.tmp			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\inprogressinstallinfo.ipi			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA873.tmp			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA883.tmp			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA8E2.tmp			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA9DD.tmp			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6788d4.msi			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\6788d4.msi			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBFA8.tmp			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-\AlphaControlAgentInstallation.dll			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-\Newtonsoft.Json.dll			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-\System.Management.dll			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-\CustomAction.config			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.dll			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-\Newtonsoft.Json.dll			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-\System.Management.dll			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-\CustomAction.config			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-\AlphaControlAgentInstallation.dll			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-\Newtonsoft.Json.dll			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-\System.Management.dll			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-\CustomAction.config			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-\Microsoft.Deployment.WindowsInstaller.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-\Newtonsoft.Json.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-\System.Management.dll
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-\CustomAction.config
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log

Source: C:\Windows\System32\msiexec.exe

File deleted: C:\Windows\Installer\MSI8AD6.tmp

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_06B60040		5_3_06B60040
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_3_068250B8		8_3_068250B8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_3_068259A8		8_3_068259A8
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_3_06824D68		8_3_06824D68
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 15_2_00007FFD3412C922		15_2_00007FFD3412C922
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 15_2_00007FFD3412636F		15_2_00007FFD3412636F
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 15_2_00007FFD3412A094		15_2_00007FFD3412A094
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 15_2_00007FFD3412B375		15_2_00007FFD3412B375
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 15_2_00007FFD3412BB76		15_2_00007FFD3412BB76
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD3413A840		16_2_00007FFD3413A840
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD34141CF0		16_2_00007FFD34141CF0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD34153890		16_2_00007FFD34153890
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD3414C930		16_2_00007FFD3414C930
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD3414CA50		16_2_00007FFD3414CA50
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD34151C0E		16_2_00007FFD34151C0E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD34143360		16_2_00007FFD34143360
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD3413A3FA		16_2_00007FFD3413A3FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD3414CF78		16_2_00007FFD3414CF78
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD34139AF2		16_2_00007FFD34139AF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD34150B93		16_2_00007FFD34150B93
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD342B1A42		16_2_00007FFD342B1A42
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD342B2091		16_2_00007FFD342B2091
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD342B2123		16_2_00007FFD342B2123
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD3434F811		16_2_00007FFD3434F811
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD3434E21D		16_2_00007FFD3434E21D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD343419F5		16_2_00007FFD343419F5
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD3434263D		16_2_00007FFD3434263D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD34344866		16_2_00007FFD34344866
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD34130C58		16_2_00007FFD34130C58
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 19_3_06F00040		19_3_06F00040
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 19_3_06F077F0		19_3_06F077F0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD3415047D		22_2_00007FFD3415047D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD34138682		22_2_00007FFD34138682
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD3413B739		22_2_00007FFD3413B739
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD3414108C		22_2_00007FFD3414108C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD341378D6		22_2_00007FFD341378D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD341319A9		22_2_00007FFD341319A9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD3413FA94		22_2_00007FFD3413FA94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD3413BDB0		22_2_00007FFD3413BDB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD341305FA		22_2_00007FFD341305FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD341410C0		22_2_00007FFD341410C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD341330DD		22_2_00007FFD341330DD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD341331FA		22_2_00007FFD341331FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD341312FA		22_2_00007FFD341312FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD3416047D		24_2_00007FFD3416047D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD34148682		24_2_00007FFD34148682
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD3414C798		24_2_00007FFD3414C798
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD3415AFF2		24_2_00007FFD3415AFF2
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD3415108C		24_2_00007FFD3415108C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD341478D6		24_2_00007FFD341478D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD341419A9		24_2_00007FFD341419A9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD3414FA94		24_2_00007FFD3414FA94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD3415529D		24_2_00007FFD3415529D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD3415340D		24_2_00007FFD3415340D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD3414246B		24_2_00007FFD3414246B
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD3415DD84		24_2_00007FFD3415DD84
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD341555D9		24_2_00007FFD341555D9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD3414BDB0		24_2_00007FFD3414BDB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD341435DD		24_2_00007FFD341435DD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD3415DDFA		24_2_00007FFD3415DDFA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD341405FA		24_2_00007FFD341405FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD341496D8		24_2_00007FFD341496D8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD341510C0		24_2_00007FFD341510C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD341430DD		24_2_00007FFD341430DD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD341431FA		24_2_00007FFD341431FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD341412FB		24_2_00007FFD341412FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD34138682		27_2_00007FFD34138682
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD341378D6		27_2_00007FFD341378D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD341319A9		27_2_00007FFD341319A9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD341330DD		27_2_00007FFD341330DD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD341312FA		27_2_00007FFD341312FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD341305FA		27_2_00007FFD341305FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD341331FA		27_2_00007FFD341331FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD3415047D		27_2_00007FFD3415047D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD3413B739		27_2_00007FFD3413B739
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD3414108C		27_2_00007FFD3414108C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD3413FA94		27_2_00007FFD3413FA94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD3413BDB0		27_2_00007FFD3413BDB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD341410C0		27_2_00007FFD341410C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD3413047D		29_2_00007FFD3413047D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD34118682		29_2_00007FFD34118682
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD34123FFA		29_2_00007FFD34123FFA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD3412108C		29_2_00007FFD3412108C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD341178D6		29_2_00007FFD341178D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD341119A9		29_2_00007FFD341119A9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD3411FA94		29_2_00007FFD3411FA94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD3411BDB0		29_2_00007FFD3411BDB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD3411DE1D		29_2_00007FFD3411DE1D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD341210C0		29_2_00007FFD341210C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD341112FB		29_2_00007FFD341112FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD34118682		31_2_00007FFD34118682
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD341178D6		31_2_00007FFD341178D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD341112FB		31_2_00007FFD341112FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD3413047D		31_2_00007FFD3413047D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD3412100A		31_2_00007FFD3412100A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD34123FFA		31_2_00007FFD34123FFA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD3411E1D0		31_2_00007FFD3411E1D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD3411FA94		31_2_00007FFD3411FA94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD3411BDB0		31_2_00007FFD3411BDB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD3411DE1D		31_2_00007FFD3411DE1D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD341210C0		31_2_00007FFD341210C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD34128181		31_2_00007FFD34128181
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD341282EF		31_2_00007FFD341282EF
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD34128349		31_2_00007FFD34128349
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD3415047D		33_2_00007FFD3415047D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD3413B739		33_2_00007FFD3413B739
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD3414100A		33_2_00007FFD3414100A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD3413FA94		33_2_00007FFD3413FA94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD3413BDB0		33_2_00007FFD3413BDB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD341410C0		33_2_00007FFD341410C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD341378D6		33_2_00007FFD341378D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD34138682		33_2_00007FFD34138682
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD341330DD		33_2_00007FFD341330DD
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD341305FA		33_2_00007FFD341305FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD341331FA		33_2_00007FFD341331FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 33_2_00007FFD341312FA		33_2_00007FFD341312FA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD34118682		35_2_00007FFD34118682
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD341178D6		35_2_00007FFD341178D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD341119A9		35_2_00007FFD341119A9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD341112FB		35_2_00007FFD341112FB
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD3413047D		35_2_00007FFD3413047D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD34123FFA		35_2_00007FFD34123FFA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD3412108C		35_2_00007FFD3412108C
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD3411FA94		35_2_00007FFD3411FA94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD3411BDB0		35_2_00007FFD3411BDB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD3411DE1D		35_2_00007FFD3411DE1D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 35_2_00007FFD341210C0		35_2_00007FFD341210C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD3413047D		37_2_00007FFD3413047D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD3412100A		37_2_00007FFD3412100A
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD34123FFA		37_2_00007FFD34123FFA
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD3411E1D0		37_2_00007FFD3411E1D0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD3411FA94		37_2_00007FFD3411FA94
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD3411BDB0		37_2_00007FFD3411BDB0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD3411DE1D		37_2_00007FFD3411DE1D
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD341210C0		37_2_00007FFD341210C0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD34128181		37_2_00007FFD34128181
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD341282EF		37_2_00007FFD341282EF
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD34128349		37_2_00007FFD34128349
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD341178D6		37_2_00007FFD341178D6
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD34118682		37_2_00007FFD34118682
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 37_2_00007FFD341112FB		37_2_00007FFD341112FB

Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
Source: Joe Sandbox View	Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll 443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A

Source: 9rSeCZbjZE.msi	Binary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs 9rSeCZbjZE.msi
Source: 9rSeCZbjZE.msi	Binary or memory string: OriginalFilenameSfxCA.dll\ vs 9rSeCZbjZE.msi
Source: 9rSeCZbjZE.msi	Binary or memory string: OriginalFilenamewixca.dll\ vs 9rSeCZbjZE.msi

Source: ICSharpCode.SharpZipLib.dll.2.dr, InflaterInputBuffer.cs	Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.2.dr, DeflaterOutputStream.cs	Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.2.dr, ZipAESTransform.cs	Cryptographic APIs: 'TransformBlock'

Source: AteraAgent.exe.2.dr, SignatureValidator.cs

Base64 encoded string: 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YmxeR/2wifvwd/MQXb/5tsLsvlMs50tmraklX8MKsU1EgEpRZ+W0Ro1ZHoLhQG53oq9hPz9bmJge78yZr6l1QJWz6wCj+yQUxM5f0gt4fHEf2yA94Tklnds7JPr2vQRb5rjAnxnt7722oWFc1bxFFsIcIhOI/EHYCE0qSPE1pKMXALkHZYoDQEFUu3YgEc0Oo7ClJNFrB75g6tVZRqGKxVvYQBb9zKDxhBRnDkhZuB7D1gRaR9PNwCr7tVtPt40c+CCf5ktUkeu4JzaiEipWvKYgRvotqsFtZF5uFso2UmdvxO+lIw9i/GPDfgS4JhKu/Y9lCuaan+xEluhSK0vpQIDAQAB'

Source: classification engine

Classification label: mal88.troj.spyw.evad.winMSI@54/78@33/3

Source: C:\Windows\System32\msiexec.exe

File created: C:\Program Files (x86)\ATERA Networks

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe

File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.log

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:3548:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Mutant created: NULL
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4464:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1864:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6288:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:6812:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:1352:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:5676:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:3212:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6552:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:280:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:4412:120:WilError_03
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Mutant created: \BaseNamedObjects\Global\netfxeventlog.1.0

Source: C:\Windows\System32\msiexec.exe

File created: C:\Windows\TEMP\~DF329B2876A41199DB.TMP

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Windows\SysWOW64\taskkill.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = "AteraAgent.exe")
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini

Source: C:\Windows\System32\msiexec.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI8AD6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6786046 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId

Source: 9rSeCZbjZE.msi

Static file information: TRID: Microsoft Windows Installer (60509/1) 57.88%

Source: 9rSeCZbjZE.msi

ReversingLabs: Detection: 26%

Source: unknown	Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\9rSeCZbjZE.msi"
Source: unknown	Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 91E370BBCC1D3B173FA78F8D350BDC0E
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI8AD6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6786046 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI90F1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6787359 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Source: unknown	Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIA257.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6791812 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 94F3C551036B6C48A24EF7F120DCA15A E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
Source: C:\Windows\SysWOW64\taskkill.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="Moshe@nlc.co.il" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000MFxEPIA1" /AgentId="95230b78-0b09-4026-a7c5-5fe4c9d15b4c"
Source: unknown	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIBFA8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6799296 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "172d5505-5af0-4cb3-8690-0091fd98422a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "5232f273-c62e-437a-a74a-dca82f700d20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Windows\SysWOW64\rundll32.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "79c2d964-37c1-436b-8678-a4e34369f725" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "63fd8206-ed43-4ef7-8433-4a2d0eb92cc2" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "ac52b191-a405-4d89-8808-a9c06c02ac20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "05b46de6-24e7-4784-8ae7-29fe3f62e039" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "72b97848-a05f-4dfa-a8b2-0f7698832a4d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "9b12e3ad-6f98-4af0-a9fc-ab8da217520c" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 91E370BBCC1D3B173FA78F8D350BDC0E			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 94F3C551036B6C48A24EF7F120DCA15A E Global\MSI0000			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="Moshe@nlc.co.il" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000MFxEPIA1" /AgentId="95230b78-0b09-4026-a7c5-5fe4c9d15b4c"			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI8AD6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6786046 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI90F1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6787359 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIA257.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6791812 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIBFA8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6799296 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe			Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "172d5505-5af0-4cb3-8690-0091fd98422a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "5232f273-c62e-437a-a74a-dca82f700d20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "79c2d964-37c1-436b-8678-a4e34369f725" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "63fd8206-ed43-4ef7-8433-4a2d0eb92cc2" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "ac52b191-a405-4d89-8808-a9c06c02ac20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "05b46de6-24e7-4784-8ae7-29fe3f62e039" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "72b97848-a05f-4dfa-a8b2-0f7698832a4d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "9b12e3ad-6f98-4af0-a9fc-ab8da217520c" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown

Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srpapi.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textinputframework.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coreuicomponents.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: coremessaging.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: textshaping.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msihnd.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: aclayers.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sfc_os.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msi.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: tsappcmp.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netapi32.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wkscli.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: srclient.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: spp.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: powrprof.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vssapi.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vsstrace.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: umpdc.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msasn1.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: msisip.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: gpapi.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mscoree.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: vcruntime140_clr0400.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: rstrtmgr.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ncrypt.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntasn1.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: pcacli.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: ntmarta.dll			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Section loaded: cabinet.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: cabinet.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: licensemanagersvc.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: licensemanager.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: clipc.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: usermgrcli.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.staterepositorycore.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.staterepositoryps.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: windows.networking.connectivity.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: npmproxy.dll			Jump to behavior
Source: C:\Windows\System32\svchost.exe	Section loaded: wintypes.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: aclayers.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: sfc_os.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: msi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: samcli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll			Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: mpr.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: framedynos.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: dbghelp.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: wbemcomn.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: winsta.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: amsi.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mscoree.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: apphelp.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: kernel.appcore.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: version.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: vcruntime140_clr0400.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: uxtheme.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.storage.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wldp.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: profapi.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptsp.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rsaenh.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptbase.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: urlmon.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iertutil.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: srvcli.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: netutils.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sspicli.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: propsys.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msasn1.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: riched20.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: usp10.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msls31.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: gpapi.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptnet.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iphlpapi.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winnsi.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winhttp.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mswsock.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc6.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: webio.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dnsapi.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasadhlp.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: fwpuclnt.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wbemcomn.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: amsi.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: userenv.dll			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: propsys.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: edputil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: urlmon.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iertutil.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: srvcli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: netutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: windows.staterepositoryps.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wintypes.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: appresolver.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: bcp47langs.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: slc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: sppc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecorecommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: cryptnet.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: webio.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: apphelp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptbase.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: windows.storage.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wldp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: profapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: wbemcomn.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: amsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: userenv.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasapi32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasman.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rtutils.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mswsock.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winhttp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ondemandconnroutehelper.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: iphlpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dhcpcsvc.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: dnsapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: winnsi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rasadhlp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: fwpuclnt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: secur32.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: sspicli.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: schannel.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mskeyprotect.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ntasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncrypt.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ncryptsslp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: msasn1.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: gpapi.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: mscoree.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: kernel.appcore.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: version.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: vcruntime140_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: ucrtbase_clr0400.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: cryptsp.dll
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Section loaded: rsaenh.dll

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32

Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File written: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

File opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll

Source: 9rSeCZbjZE.msi

Static file information: File size 2994176 > 1048576

Source:	Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdbenSC source: rundll32.exe, 00000005.00000002.2197833855.0000000007100000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2196071130.0000000002A09000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195673574.0000000002A08000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2320385301.0000000002E67000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000F.00000000.2228891996.00000227F6792000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.2.dr
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbi]M source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: l\System.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000018.00000002.2439909255.00000232D78B2000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.16.dr
Source:	Binary string: \??\C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdbrePerm source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbS* source: rundll32.exe, 00000013.00000002.2320385301.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.PDB source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb0 source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: nC:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2195934236.00000000025D7000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\System.pdb'( source: rundll32.exe, 00000005.00000002.2197833855.00000000070F2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.2.dr
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000F.00000000.2228891996.00000227F6792000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.2.dr
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.2.dr
Source:	Binary string: \??\C:\Windows\System.pdb?+2 source: rundll32.exe, 00000005.00000002.2197833855.00000000070F2000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\System.pdbpdbtem.pdb| source: rundll32.exe, 00000005.00000003.2195627530.0000000007105000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 00000010.00000002.4598030984.0000029AA9152000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.dr
Source:	Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 00000010.00000002.4598030984.0000029AA9152000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4594298646.0000029AA8B52000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr
Source:	Binary string: \??\C:\Windows\symbols\dll\System.pdb source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000000.2414703923.000002CDA0242000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.16.dr
Source:	Binary string: nC:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000013.00000002.2320072167.0000000002937000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A09000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195627530.0000000007105000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195673574.0000000002A08000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.8.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.19.dr, AlphaControlAgentInstallation.dll.4.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb3Z source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: HP~n\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2195934236.00000000025D7000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2320072167.0000000002937000.00000004.00000010.00020000.00000000.sdmp
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000018.00000002.2440880883.00000232F0662000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.16.dr
Source:	Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4594298646.0000029AA8B52000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440880883.00000232F0662000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr
Source:	Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.2.dr
Source:	Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdbJ source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: 9rSeCZbjZE.msi, 6788d4.msi.2.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, MSIA873.tmp.2.dr
Source:	Binary string: \??\C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.PDBV source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
Source:	Binary string: \??\C:\Windows\System.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.pdbc source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000018.00000002.2439909255.00000232D78B2000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.16.dr
Source:	Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdbEER? source: rundll32.exe, 00000005.00000002.2197833855.0000000007100000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: mscorlib.pdb source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\Windows\AlphaControlAgentInstallation.pdbpdbion.pdb> source: rundll32.exe, 00000013.00000002.2320385301.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2320385301.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000F.00000002.2262252437.00000227F86B2000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.2.dr
Source:	Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000F.00000002.2262252437.00000227F86B2000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.2.dr
Source:	Binary string: l\System.pdba.co source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp
Source:	Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: 9rSeCZbjZE.msi, MSIA257.tmp.2.dr, MSIBFA8.tmp.2.dr, 6788d4.msi.2.dr, MSI90F1.tmp.2.dr, 6788d2.msi.2.dr, MSI8AD6.tmp.2.dr
Source:	Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.2.dr

Data Obfuscation

Source: BouncyCastle.Crypto.dll.2.dr

Static PE information: 0xE49A52B3 [Sun Jul 15 06:22:43 2091 UTC]

Source: MSI90F1.tmp.2.dr	Static PE information: real checksum: 0x32353 should be: 0x88610
Source: MSIBFA8.tmp.2.dr	Static PE information: real checksum: 0x32353 should be: 0x88610
Source: MSIA257.tmp.2.dr	Static PE information: real checksum: 0x32353 should be: 0x88610
Source: MSI8AD6.tmp.2.dr	Static PE information: real checksum: 0x32353 should be: 0x88610

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_06A857B8 push es; ret		5_3_06A85840
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_06A84E90 push es; ret		5_3_06A84EA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_06A8B235 push ds; ret		5_3_06A8B243
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_06A8D1A1 push es; ret		5_3_06A8D1B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_06A8DDC0 push es; ret		5_3_06A8DDD0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_06A858B0 push es; ret		5_3_06A858C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_06A858D1 push es; ret		5_3_06A858E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 5_3_06B618F0 push es; ret		5_3_06B61900
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 15_2_00007FFD341200BD pushad ; iretd		15_2_00007FFD341200C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD341300BD pushad ; iretd		16_2_00007FFD341300C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD3414CA08 push FFFFFFE8h; ret		16_2_00007FFD3414CCF9
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD34150AFB pushad ; ret		16_2_00007FFD34150B01
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD34345FE4 push eax; ret		16_2_00007FFD34346014
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Code function: 16_2_00007FFD34340421 push eax; ret		16_2_00007FFD34340444
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 19_3_06E257B8 push es; ret		19_3_06E25840
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 19_3_06E24EB0 push es; ret		19_3_06E24EA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 19_3_06E24E90 push es; ret		19_3_06E24EA0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 19_3_06E258F0 push es; ret		19_3_06E25900
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 19_3_06E258D1 push es; ret		19_3_06E258E0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 19_3_06E258B0 push es; ret		19_3_06E258C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 19_3_06E25910 push es; ret		19_3_06E25920
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 19_3_06F084A1 push es; ret		19_3_06F084B0
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD34145587 push ebp; iretd		22_2_00007FFD341455D8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 22_2_00007FFD341300BD pushad ; iretd		22_2_00007FFD341300C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD34155587 push ebp; iretd		24_2_00007FFD341555D8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 24_2_00007FFD341400BD pushad ; iretd		24_2_00007FFD341400C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD341300BD pushad ; iretd		27_2_00007FFD341300C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 27_2_00007FFD34145587 push ebp; iretd		27_2_00007FFD341455D8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD34125587 push ebp; iretd		29_2_00007FFD341255D8
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 29_2_00007FFD341100BD pushad ; iretd		29_2_00007FFD341100C1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Code function: 31_2_00007FFD341100BD pushad ; iretd		31_2_00007FFD341100C1

Persistence and Installation Behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1A374813EDB1A6631387E414D3E73232
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\329B6147266C1E26CD774EA22B79EC2E
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	File created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBFA8.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA257.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA8E2.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-\System.Management.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-\System.Management.dll			Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-\AlphaControlAgentInstallation.dll			Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA9DD.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA883.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-\System.Management.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-\System.Management.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-\AlphaControlAgentInstallation.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI90F1.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8AD6.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.dll			Jump to dropped file

Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIBFA8.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA257.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA8E2.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-\System.Management.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-\System.Management.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA883.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-\System.Management.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI90F1.tmp-\System.Management.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIA257.tmp-\AlphaControlAgentInstallation.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI90F1.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-\AlphaControlAgentInstallation.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSI8AD6.tmp-\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSIA9DD.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	File created: C:\Windows\Installer\MSI8AD6.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	File created: C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.dll			Jump to dropped file

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Windows\system32\InstallUtil.InstallLog			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog			Jump to behavior

Boot Survival

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application

Jump to behavior

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000

Hooking and other Techniques for Hiding and Protection

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_USERS.DEFAULT\Software\Classes
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Key value created or modified: HKEY_USERS.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob

Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Windows\SysWOW64\taskkill.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOGPFAULTERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process information set: NOOPENFILEERRORBOX

Malware Analysis System Evasion

Source: C:\Windows\SysWOW64\rundll32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 227F6AE0000 memory reserve | memory write watch			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 227F87B0000 memory reserve | memory write watch			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 29A8FBE0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Memory allocated: 29AA81B0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 2CDA0670000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 2CDB8C70000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 232D7850000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 232EFEF0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 13A39300000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 13A51B30000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1BC18B60000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1BC31150000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 290FBB30000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 290FC0E0000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 24D74D20000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 24D74F00000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 18F7EA50000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 18F7F070000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1EF26F80000 memory reserve | memory write watch
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Memory allocated: 1EF3F6E0000 memory reserve | memory write watch

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 3952
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Window / User API: threadDelayed 5805

Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBFA8.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIA257.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI90F1.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIA8E2.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI90F1.tmp-\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBFA8.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI8AD6.tmp-\System.Management.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIA257.tmp-\System.Management.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll			Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIA257.tmp-\AlphaControlAgentInstallation.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI8AD6.tmp-\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIA9DD.tmp			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIA257.tmp-\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIA257.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBFA8.tmp-\Newtonsoft.Json.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI8AD6.tmp-\Microsoft.Deployment.WindowsInstaller.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIA883.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBFA8.tmp-\System.Management.dll			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI90F1.tmp-\System.Management.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI90F1.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI8AD6.tmp-\AlphaControlAgentInstallation.dll			Jump to dropped file
Source: C:\Windows\System32\msiexec.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSI8AD6.tmp			Jump to dropped file
Source: C:\Windows\SysWOW64\rundll32.exe	Dropped PE file which has not been started: C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.dll			Jump to dropped file

Source: C:\Windows\SysWOW64\rundll32.exe TID: 4948	Thread sleep time: -30000s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 2612	Thread sleep time: -60000s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 712	Thread sleep time: -922337203685477s >= -30000s			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5368	Thread sleep count: 3952 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5368	Thread sleep count: 5805 > 30
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3532	Thread sleep time: -25825441703193356s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3532	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3176	Thread sleep time: -130000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 6700	Thread sleep time: -3689348814741908s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3616	Thread sleep time: -90000s >= -30000s
Source: C:\Windows\SysWOW64\rundll32.exe TID: 2324	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 420	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 4576	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5004	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6232	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 424	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3800	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 424	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 4048	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5004	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7128	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 2132	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 348	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5704	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5656	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5844	Thread sleep time: -922337203685477s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5756	Thread sleep time: -30000s >= -30000s
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 4512	Thread sleep time: -922337203685477s >= -30000s

Source: C:\Windows\SysWOW64\rundll32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard

Source: C:\Windows\System32\sc.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain FROM Win32_ComputerSystem

Source: C:\Windows\SysWOW64\rundll32.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Windows\System32\conhost.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	File Volume queried: C:\ FullSizeInformation			Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 30000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Thread delayed: delay time: 90000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Thread delayed: delay time: 922337203685477

Source: AgentPackageAgentInformation.exe.16.dr	Binary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWR
Source: AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8DE2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW!~7h
Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F86A6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2261733675.00000227F8641000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4597251992.0000029AA8E91000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: AgentPackageAgentInformation.exe, 00000021.00000002.3437826124.0000024D75766000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll,
Source: AgentPackageAgentInformation.exe, 00000016.00000002.2441265655.000002CDB94E4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllee<
Source: rundll32.exe, 00000005.00000002.2196071130.0000000002A09000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195673574.0000000002A08000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC
Source: rundll32.exe, 00000013.00000002.2320385301.0000000002E67000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2441336771.00000232F0858000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3086206858.0000013A52359000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3088315792.000001BC31A60000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3354507782.00000290FCA31000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3541368660.0000018F7F942000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3628398642.000001EF275D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Windows\System32\msiexec.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Process token adjusted: Debug

Source: C:\Windows\SysWOW64\rundll32.exe

Memory allocated: page read and write | page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Source: C:\Windows\System32\msiexec.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="Moshe@nlc.co.il" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000MFxEPIA1" /AgentId="95230b78-0b09-4026-a7c5-5fe4c9d15b4c"			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent			Jump to behavior
Source: C:\Windows\SysWOW64\msiexec.exe	Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe			Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "172d5505-5af0-4cb3-8690-0091fd98422a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "5232f273-c62e-437a-a74a-dca82f700d20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "79c2d964-37c1-436b-8678-a4e34369f725" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "63fd8206-ed43-4ef7-8433-4a2d0eb92cc2" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "ac52b191-a405-4d89-8808-a9c06c02ac20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "05b46de6-24e7-4784-8ae7-29fe3f62e039" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "72b97848-a05f-4dfa-a8b2-0f7698832a4d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "9b12e3ad-6f98-4af0-a9fc-ab8da217520c" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: unknown unknown

Source: C:\Windows\SysWOW64\msiexec.exe

Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe

Jump to behavior

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "172d5505-5af0-4cb3-8690-0091fd98422a" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "5232f273-c62e-437a-a74a-dca82f700d20" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "79c2d964-37c1-436b-8678-a4e34369f725" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "63fd8206-ed43-4ef7-8433-4a2d0eb92cc2" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "ac52b191-a405-4d89-8808-a9c06c02ac20" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "05b46de6-24e7-4784-8ae7-29fe3f62e039" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "72b97848-a05f-4dfa-a8b2-0f7698832a4d" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "9b12e3ad-6f98-4af0-a9fc-ab8da217520c" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "172d5505-5af0-4cb3-8690-0091fd98422a" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "5232f273-c62e-437a-a74a-dca82f700d20" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "79c2d964-37c1-436b-8678-a4e34369f725" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "63fd8206-ed43-4ef7-8433-4a2d0eb92cc2" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "ac52b191-a405-4d89-8808-a9c06c02ac20" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "05b46de6-24e7-4784-8ae7-29fe3f62e039" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "72b97848-a05f-4dfa-a8b2-0f7698832a4d" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "9b12e3ad-6f98-4af0-a9fc-ab8da217520c" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1

Language, Device and Operating System Detection

Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\System32\msiexec.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI8AD6.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI8AD6.tmp-\AlphaControlAgentInstallation.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI90F1.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSI90F1.tmp-\Newtonsoft.Json.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIA257.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation			Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIA257.tmp-\AlphaControlAgentInstallation.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation			Jump to behavior
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIBFA8.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Installer\MSIBFA8.tmp-\Newtonsoft.Json.dll VolumeInformation
Source: C:\Windows\SysWOW64\rundll32.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe	Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation

Source: C:\Windows\SysWOW64\rundll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Lowering of HIPS / PFW / Operating System Security Settings

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

Remote Access Functionality

Source: Yara match	File source: 24.2.AgentPackageAgentInformation.exe.232d78a0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 15.0.AteraAgent.exe.227f6790000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 22.0.AgentPackageAgentInformation.exe.2cda0240000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000023.00000002.3539340207.0000018F7E890000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4583954735.0000029A8FCA0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3079848462.0000013A39330000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2261210966.00000227F6C40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3627879487.000001EF27180000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2439303266.00000232D77C5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2259421708.000002278017C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2259421708.0000022780089000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2439303266.00000232D7748000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3083850156.0000013A39BA3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3088059317.000001BC31A40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3541368660.0000018F7F8F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2439180318.000002CDA0350000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2270413033.00000227F9000000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3352740799.00000290FB8AB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3539340207.0000018F7E8CF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4582467774.0000029A8F9BC000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2271843953.00007FFD341B4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3346479513.00000290FB890000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3354008998.00000290FBB40000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3352740799.00000290FB919000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3079848462.0000013A393EE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3539340207.0000018F7E899000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2439795029.000002CDA0570000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2440110075.000002CDA0C71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3081521658.000001BC18928000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.3432709882.0000024D00083000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2259421708.000002278008C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2439180318.000002CDA039D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.3432709882.0000024D00001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3342887037.00000290800BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3352740799.00000290FB8D3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3539340207.0000018F7E8CD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3623340432.000001EF27018000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3079848462.0000013A39339000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.3432709882.0000024D00073000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2260756977.00000227F6A0B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2440110075.000002CDA0CB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2259421708.00000227800B2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2439303266.00000232D7780000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2440060207.00000232D7F63000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.3437507331.0000024D748A0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3629811902.000001EF276E1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.3432709882.0000024D00047000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3085296572.000001BC19151000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4584191988.0000029A9021A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2270413033.00000227F8FE0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4576486295.000000C7BF4F5000.00000004.00000010.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4582467774.0000029A8F8E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000000.2228891996.00000227F6792000.00000002.00000001.01000000.0000000F.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4595230345.0000029AA8E42000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3536757175.0000018F00083000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2439909255.00000232D78B2000.00000002.00000001.01000000.00000018.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4584191988.0000029A901B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3079848462.0000013A39378000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3353498099.00000290FB940000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3081775812.000001BC189A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2440110075.000002CDA0CE3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2439303266.00000232D775B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3629811902.000001EF2779F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3085296572.000001BC19197000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2270357117.00000227F8FD0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2260756977.00000227F69E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2439180318.000002CDA0310000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2439120515.00000232D7690000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3342887037.0000029080047000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3081521658.000001BC18920000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3079848462.0000013A393B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3342887037.0000029080083000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3081892011.0000013A395F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3081172588.000001BC188C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2259421708.0000022780132000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3083850156.0000013A39B31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3342887037.0000029080073000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4584191988.0000029A90833000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.3432709882.0000024D000BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3629811902.000001EF27763000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2440060207.00000232D7F73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000000.2414703923.000002CDA0242000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3536757175.0000018F000BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3539340207.0000018F7E91B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2440110075.000002CDA0CF3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3079848462.0000013A3936C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3623340432.000001EF26F99000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2260756977.00000227F6A6F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3083850156.0000013A39B77000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4595230345.0000029AA8D5D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4593698303.0000029AA8B39000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3541063423.0000018F7EA70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3536757175.0000018F00047000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3536757175.0000018F00001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3081775812.000001BC1893B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3623340432.000001EF26FD1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4582467774.0000029A8F91E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2259421708.0000022780001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.3437826124.0000024D75766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2260756977.00000227F69E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3081775812.000001BC18963000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4584191988.0000029A90B25000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3352740799.00000290FB8CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.3436279705.0000024D7475C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3083850156.0000013A39BB3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3081775812.000001BC1895B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3629811902.000001EF27727000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3085296572.000001BC1920F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2439303266.00000232D777C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3623340432.000001EF26FCB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3623340432.000001EF26F90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3346479513.00000290FB898000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.3436279705.0000024D74728000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3085296572.000001BC191D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4582320301.0000029A8F870000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2260756977.00000227F6A21000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3083850156.0000013A39BEF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2260756977.00000227F6AAD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001D.00000002.3085296572.000001BC191C3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000016.00000002.2440110075.000002CDA0D2F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.3436279705.0000024D747A4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3629811902.000001EF27753000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001F.00000002.3342887037.0000029080001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000021.00000002.3436279705.0000024D74720000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000001B.00000002.3079848462.0000013A3934B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000023.00000002.3536757175.0000018F00073000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2439303266.00000232D7740000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000025.00000002.3623340432.000001EF27050000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000F.00000002.2270413033.00000227F901D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000010.00000002.4582467774.0000029A8F96A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000018.00000002.2440060207.00000232D7EF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 2012, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 3664, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 1008, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AteraAgent.exe PID: 3320, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AteraAgent.exe PID: 2404, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: rundll32.exe PID: 4788, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 2548, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 3664, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 6304, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 5728, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 3756, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 6684, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 4080, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 5820, type: MEMORYSTR
Source: Yara match	File source: C:\Windows\Temp\~DFE286531BC9E5DA5B.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF03F7F4E9FB6913B4.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF9BE70E11C712AC71.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF605B4EFF8857F184.TMP, type: DROPPED
Source: Yara match	File source: C:\Config.Msi\6788d3.rbs, type: DROPPED
Source: Yara match	File source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF861F9EB41197E865.TMP, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIA257.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSI8AD6.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match	File source: C:\Windows\Temp\~DF329B2876A41199DB.TMP, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
Source: Yara match	File source: C:\Windows\Installer\MSIA873.tmp, type: DROPPED
Source: Yara match	File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED