Windows Analysis Report
9rSeCZbjZE.msi

Overview

General Information

Sample name: 9rSeCZbjZE.msi
renamed because original name is a hash value
Original sample name: c4e4332cf78e92bef45cab4d8d9a29a8.msi
Analysis ID: 1524429
MD5: c4e4332cf78e92bef45cab4d8d9a29a8
SHA1: e6f5aae7f231f9f108f0bbcc5c7240bee17a180e
SHA256: 63f2e49bd14880bed0033cbf0878ee50f18555432d3ad1439b304e6a2dc00fc6
Tags: msi, MuddyWater, user-smica83

Detection

AteraAgent
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected AteraAgent
AI detected suspicious sample
Creates files in the system32 config directory
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Reads the Security eventlog
Reads the System eventlog
Yara detected Generic Downloader
Abnormal high CPU Usage
Adds / modifies Windows certificates
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Checks for available system drives (often done to infect USB drives)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates files inside the system directory
Creates or modifies windows services
Deletes files inside the Windows folder
Detected potential crypto function
Dropped file seen in connection with other malware
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Drops certificate files (DER)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains an invalid checksum
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Stores large binary data to the registry
Suricata IDS alerts with low severity for network traffic
Uses code obfuscation techniques (call, push, ret)
Uses net.exe to stop services
Uses taskkill to terminate processes
Very long cmdline option found, this is very uncommon (may be encrypted or packed)

Classification

  • System is w10x64
  • msiexec.exe (PID: 7116 cmdline: "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\9rSeCZbjZE.msi" MD5: E5DA170027542E25EDE42FC54C929077)
  • msiexec.exe (PID: 1596 cmdline: C:\Windows\system32\msiexec.exe /V MD5: E5DA170027542E25EDE42FC54C929077)
    • msiexec.exe (PID: 948 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 91E370BBCC1D3B173FA78F8D350BDC0E MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • rundll32.exe (PID: 2012 cmdline: rundll32.exe "C:\Windows\Installer\MSI8AD6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6786046 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 3664 cmdline: rundll32.exe "C:\Windows\Installer\MSI90F1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6787359 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 1008 cmdline: rundll32.exe "C:\Windows\Installer\MSIA257.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6791812 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation MD5: 889B99C52A60DD49227C5E485A016679)
      • rundll32.exe (PID: 4788 cmdline: rundll32.exe "C:\Windows\Installer\MSIBFA8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6799296 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd MD5: 889B99C52A60DD49227C5E485A016679)
    • msiexec.exe (PID: 3556 cmdline: C:\Windows\syswow64\MsiExec.exe -Embedding 94F3C551036B6C48A24EF7F120DCA15A E Global\MSI0000 MD5: 9D09DC1EDA745A5F87553048E57620CF)
      • net.exe (PID: 1824 cmdline: "NET" STOP AteraAgent MD5: 31890A7DE89936F922D44D677F681A7F)
        • conhost.exe (PID: 6552 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
        • net1.exe (PID: 2580 cmdline: C:\Windows\system32\net1 STOP AteraAgent MD5: 2EFE6ED4C294AB8A39EB59C80813FEC1)
      • taskkill.exe (PID: 6556 cmdline: "TaskKill.exe" /f /im AteraAgent.exe MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
        • conhost.exe (PID: 6288 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AteraAgent.exe (PID: 3320 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="Moshe@nlc.co.il" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000MFxEPIA1" /AgentId="95230b78-0b09-4026-a7c5-5fe4c9d15b4c" MD5: 477293F80461713D51A98A24023D45E8)
  • svchost.exe (PID: 5768 cmdline: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • AteraAgent.exe (PID: 2404 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" MD5: 477293F80461713D51A98A24023D45E8)
    • sc.exe (PID: 1008 cmdline: "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000 MD5: 3FB5CF71F7E7EB49790CB0E663434D80)
      • conhost.exe (PID: 5676 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 2548 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "172d5505-5af0-4cb3-8690-0091fd98422a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1 MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 1864 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 3664 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "5232f273-c62e-437a-a74a-dca82f700d20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1 MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 6812 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 6304 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "79c2d964-37c1-436b-8678-a4e34369f725" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1 MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 280 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 5728 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "63fd8206-ed43-4ef7-8433-4a2d0eb92cc2" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1 MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 3212 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 3756 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "ac52b191-a405-4d89-8808-a9c06c02ac20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1 MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 1352 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 6684 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "05b46de6-24e7-4784-8ae7-29fe3f62e039" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1 MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 4412 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 4080 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "72b97848-a05f-4dfa-a8b2-0f7698832a4d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1 MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 4464 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • AgentPackageAgentInformation.exe (PID: 5820 cmdline: "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "9b12e3ad-6f98-4af0-a9fc-ab8da217520c" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1 MD5: 31DEF444E6135301EA3C38A985341837)
      • conhost.exe (PID: 3548 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Windows\Temp\~DFE286531BC9E5DA5B.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF03F7F4E9FB6913B4.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF9BE70E11C712AC71.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Windows\Temp\~DF605B4EFF8857F184.TMP | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
C:\Config.Msi\6788d3.rbs | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
Source | Rule | Description | Author | Strings
00000023.00000002.3539340207.0000018F7E890000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
00000010.00000002.4583954735.0000029A8FCA0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000001B.00000002.3079848462.0000013A39330000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
0000000F.00000002.2261210966.00000227F6C40000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
00000025.00000002.3627879487.000001EF27180000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
Source | Rule | Description | Author | Strings
24.2.AgentPackageAgentInformation.exe.232d78a0000.1.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
15.0.AteraAgent.exe.227f6790000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
22.0.AgentPackageAgentInformation.exe.2cda0240000.0.unpack | JoeSecurity_AteraAgent | Yara detected AteraAgent | Joe Security |
22.0.AgentPackageAgentInformation.exe.2cda0240000.0.unpack | JoeSecurity_GenericDownloader_1 | Yara detected Generic Downloader | Joe Security |
Source: Process started, Author: Michael Haag, Mark Woan (improvements), James Pemberton / @4A616D6573 / oscd.community (improvements): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 94F3C551036B6C48A24EF7F120DCA15A E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 3556, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 1824, ProcessName: net.exe
Source: Process started, Author: Jakob Weinzettl, oscd.community, Nasreddine Bencherchali (Nextron Systems): Data: Command: "NET" STOP AteraAgent, CommandLine: "NET" STOP AteraAgent, CommandLine|base64offset|contains: I3, Image: C:\Windows\SysWOW64\net.exe, NewProcessName: C:\Windows\SysWOW64\net.exe, OriginalFileName: C:\Windows\SysWOW64\net.exe, ParentCommandLine: C:\Windows\syswow64\MsiExec.exe -Embedding 94F3C551036B6C48A24EF7F120DCA15A E Global\MSI0000, ParentImage: C:\Windows\SysWOW64\msiexec.exe, ParentProcessId: 3556, ParentProcessName: msiexec.exe, ProcessCommandLine: "NET" STOP AteraAgent, ProcessId: 1824, ProcessName: net.exe
Source: Process started, Author: vburov: Data: Command: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, CommandLine: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 632, ProcessCommandLine: C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager, ProcessId: 5768, ProcessName: svchost.exe

AV Detection

Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, ReversingLabs: Detection: 26%
Source: 9rSeCZbjZE.msi, ReversingLabs: Detection: 26%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 98.2% probability
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, File created: C:\Windows\system32\InstallUtil.InstallLog
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50211 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50214 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50215 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50216 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50221 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50222 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50230 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50233 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50234 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50240 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50248 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50249 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50254 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50255 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50260 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50261 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50268 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50269 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50275 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50274 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50278 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50284 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50283 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50289 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50290 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50296 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50298 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50299 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50302 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50304 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50306 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50311 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50312 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50316 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50318 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50322 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50328 version: TLS 1.2
                              Source: unknownHTTPS traffic detected: 35.157.63.228:443 -> 192.168.2.6:50329 version: TLS 1.2
                              Source: Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdbenSC source: rundll32.exe, 00000005.00000002.2197833855.0000000007100000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2196071130.0000000002A09000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195673574.0000000002A08000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2320385301.0000000002E67000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000F.00000000.2228891996.00000227F6792000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.2.dr
                              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbi]M source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: l\System.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000018.00000002.2439909255.00000232D78B2000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.16.dr
                              Source: Binary string: \??\C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdbrePerm source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbS* source: rundll32.exe, 00000013.00000002.2320385301.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.PDB source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb0 source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: nC:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2195934236.00000000025D7000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\System.pdb'( source: rundll32.exe, 00000005.00000002.2197833855.00000000070F2000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.2.dr
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000F.00000000.2228891996.00000227F6792000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.2.dr
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.2.dr
                              Source: Binary string: \??\C:\Windows\System.pdb?+2 source: rundll32.exe, 00000005.00000002.2197833855.00000000070F2000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\Windows\System.pdbpdbtem.pdb| source: rundll32.exe, 00000005.00000003.2195627530.0000000007105000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 00000010.00000002.4598030984.0000029AA9152000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 00000010.00000002.4598030984.0000029AA9152000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4594298646.0000029AA8B52000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr
                              Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000000.2414703923.000002CDA0242000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.16.dr
                              Source: Binary string: nC:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000013.00000002.2320072167.0000000002937000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A09000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195627530.0000000007105000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195673574.0000000002A08000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.8.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.19.dr, AlphaControlAgentInstallation.dll.4.dr
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb3Z source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: HP~n\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2195934236.00000000025D7000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2320072167.0000000002937000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000018.00000002.2440880883.00000232F0662000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.16.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4594298646.0000029AA8B52000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440880883.00000232F0662000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.2.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdbJ source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: 9rSeCZbjZE.msi, 6788d4.msi.2.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, MSIA873.tmp.2.dr
                              Source: Binary string: \??\C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.PDBV source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
                              Source: Binary string: \??\C:\Windows\System.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.pdbc source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000018.00000002.2439909255.00000232D78B2000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.16.dr
                              Source: Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdbEER? source: rundll32.exe, 00000005.00000002.2197833855.0000000007100000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: mscorlib.pdb source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\Windows\AlphaControlAgentInstallation.pdbpdbion.pdb> source: rundll32.exe, 00000013.00000002.2320385301.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2320385301.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000F.00000002.2262252437.00000227F86B2000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.2.dr
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000F.00000002.2262252437.00000227F86B2000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.2.dr
                              Source: Binary string: l\System.pdba.co source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: 9rSeCZbjZE.msi, MSIA257.tmp.2.dr, MSIBFA8.tmp.2.dr, 6788d4.msi.2.dr, MSI90F1.tmp.2.dr, 6788d2.msi.2.dr, MSI8AD6.tmp.2.dr
                              Source: Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.2.dr
                              Source: C:\Windows\System32\msiexec.exe File opened: z:
                              Source: C:\Windows\System32\msiexec.exe File opened: x:
                              Source: C:\Windows\System32\msiexec.exe File opened: v:
                              Source: C:\Windows\System32\msiexec.exe File opened: t:
                              Source: C:\Windows\System32\msiexec.exe File opened: r:
                              Source: C:\Windows\System32\msiexec.exe File opened: p:
                              Source: C:\Windows\System32\msiexec.exe File opened: n:
                              Source: C:\Windows\System32\msiexec.exe File opened: l:
                              Source: C:\Windows\System32\msiexec.exe File opened: j:
                              Source: C:\Windows\System32\msiexec.exe File opened: h:
                              Source: C:\Windows\System32\msiexec.exe File opened: f:
                              Source: C:\Windows\System32\msiexec.exe File opened: b:
                              Source: C:\Windows\System32\msiexec.exe File opened: y:
                              Source: C:\Windows\System32\msiexec.exe File opened: w:
                              Source: C:\Windows\System32\msiexec.exe File opened: u:
                              Source: C:\Windows\System32\msiexec.exe File opened: s:
                              Source: C:\Windows\System32\msiexec.exe File opened: q:
                              Source: C:\Windows\System32\msiexec.exe File opened: o:
                              Source: C:\Windows\System32\msiexec.exe File opened: m:
                              Source: C:\Windows\System32\msiexec.exe File opened: k:
                              Source: C:\Windows\System32\msiexec.exe File opened: i:
                              Source: C:\Windows\System32\msiexec.exe File opened: g:
                              Source: C:\Windows\System32\msiexec.exe File opened: e:
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File opened: c:
                              Source: C:\Windows\System32\msiexec.exe File opened: a:
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFD34121873h 15_2_00007FFD3412172D
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFD34121FFFh 15_2_00007FFD34121FAC
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFD3414B982h 16_2_00007FFD3414B72E
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFD34134ECBh 16_2_00007FFD34134CB7
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFD34134ECBh 16_2_00007FFD34134DCE
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFD34131FFFh 16_2_00007FFD34131EB6
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFD3414B982h 16_2_00007FFD3414B92F
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFD34131873h 16_2_00007FFD34130C58
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFD34131A44h 16_2_00007FFD34130C58
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFD34131FFFh 16_2_00007FFD34130C58
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Code function: 4x nop then jmp 00007FFD3413227Bh 16_2_00007FFD34130C58

                              Networking

                              Source: Yara match File source: 22.0.AgentPackageAgentInformation.exe.2cda0240000.0.unpack, type: UNPACKEDPE
                              Source: Yara match File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f36f539c-eb12-4043-bfe7-1d97ad63c39f&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=aba03e32-f581-41ec-8949-2ce94c13458d&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=00b247cc-4cad-4ea9-8d05-ff45cdabe262&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=380907e5-e0c8-46fb-b9fe-40434342a790&tr=43&tt=17278894987677237&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation.zip?YogP9MrjNBNw2GANg1/E2mNsxFRMZBpkwPo+uNw+rhA/Nn2PbobOffT76+uvaJwT HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d393e12b-59f9-4e9a-bc9e-906a9df5d4e6&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=6d801375-a995-437f-bb39-2b768a2ffc35&tr=43&tt=17278895004778637&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52c8216d-05cf-454c-a953-97630402804f&tr=43&tt=17278895006475514&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ea22bbfe-080d-4cf3-a894-9d96c46b6665&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation.zip?YogP9MrjNBNw2GANg1/E2mNsxFRMZBpkwPo+uNw+rhA/Nn2PbobOffT76+uvaJwT HTTP/1.1Host: ps.atera.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=1a4a5d4f-5b09-4fad-801d-892636c9dc6a&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c5ea83a9-6787-461b-8a54-7de49826b09e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=db56a22c-5f27-4d90-bb5f-c1c03b70a2f0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c3db43af-b183-4a52-8bab-34b9b35414fc&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9cb48613-11df-4d8d-bc5c-fa5e5ab558d5&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: Joe Sandbox View | IP Address: 35.157.63.228
                              Source: Joe Sandbox View | IP Address: 35.157.63.229
                              Source: Joe Sandbox View | IP Address: 13.35.58.104
                              Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                              Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49732 -> 35.157.63.229:443
                              Source: Network traffic | Suricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.6:49747 -> 35.157.63.228:443
                              Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f36f539c-eb12-4043-bfe7-1d97ad63c39f&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=aba03e32-f581-41ec-8949-2ce94c13458d&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.comConnection: Keep-Alive
                              Source: global trafficHTTP traffic detected: GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=00b247cc-4cad-4ea9-8d05-ff45cdabe262&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Host: ps.pndsn.com
                              Source: global trafficHTTP traffic detected: GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=380907e5-e0c8-46fb-b9fe-40434342a790&tr=43&tt=17278894987677237&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1Cache-Control: no-cachePragma: no-cacheContent-Type: application/jsonHost: ps.pndsn.com
                              Source: global traffic HTTP traffic detected: GET /agentpackagesnet45/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation.zip?YogP9MrjNBNw2GANg1/E2mNsxFRMZBpkwPo+uNw+rhA/Nn2PbobOffT76+uvaJwT HTTP/1.1 Host: ps.atera.com Connection: Keep-Alive
                              Source: global traffic HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c5ea83a9-6787-461b-8a54-7de49826b09e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1 Cache-Control: no-cache Pragma: no-cache Content-Type: application/json Host: ps.pndsn.com
                              Source: global traffic HTTP traffic detected: GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=db56a22c-5f27-4d90-bb5f-c1c03b70a2f0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1 Cache-Control: no-cache Pragma: no-cache Content-Type: application/json Host: ps.pndsn.com
                              Source: global traffic DNS traffic detected: DNS query: agent-api.atera.com
                              Source: global traffic DNS traffic detected: DNS query: ps.pndsn.com
                              Source: global traffic DNS traffic detected: DNS query: ps.atera.com
                              Source: AteraAgent.exe, 0000000F.00000000.2228891996.00000227F6792000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A901B1000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe.2.dr String found in binary or memory: http://acontrol.atera.com/
                              Source: rundll32.exe, 00000005.00000002.2196990122.00000000047A5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9084D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AE5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D9F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D801F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39C5F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1927F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.000002908012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D0012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F0012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2780F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://agent-api.atera.com
                              Source: rundll32.exe, 00000005.00000002.2196990122.00000000047A5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9084D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AE5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D9F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D801F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39C5F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1927F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.000002908012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D0012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F0012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2780F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://atera-agent-api-eu.westeurope.cloudapp.azure.com
                              Source: AgentPackageAgentInformation.exe, 00000016.00000002.2441265655.000002CDB9529000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.F
                              Source: AteraAgent.exe, 0000000F.00000002.2270413033.00000227F901D000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://cacerts.digicert.com/
                              Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4597251992.0000029AA8E91000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, AgentPackageAgentInformation.exe.16.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.8.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Atera.AgentPackage.Common.dll.16.dr, AteraAgent.exe.2.dr, 6788d2.msi.2.drString found in binary or memory: http://ocsp.digicert.com0X
                              Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F862D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertAssuredIDRootCA.crlG
                              Source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedG4CodeSigningRSA4096SHA3842021CA1.cr
                              Source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl%
                              Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F862D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crl9
                              Source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.comhttp://crl3.digicert.com/DigiCertTrustedRootG4.crli
                              Source: AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org
                              Source: AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/
                              Source: AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.datacontract.org/2004/07/System.ServiceProcess
                              Source: rundll32.exe, 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A901B1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D2F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D7F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39BEF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.00000290800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2779F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                              Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, Microsoft.Deployment.WindowsInstaller.dll.4.dr, 6788d4.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr, MSIA873.tmp.2.drString found in binary or memory: http://wixtoolset.org
                              Source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/v
                              Source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://wixtoolset.org/news/
                              Source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drString found in binary or memory: http://wixtoolset.org/releases/
                              Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2270413033.00000227F901D000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8DE2000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4593698303.0000029AA8B11000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8A50000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, 9rSeCZbjZE.msi, AgentPackageAgentInformation.exe.16.dr, System.ValueTuple.dll.2.dr, Pubnub.dll.2.dr, ICSharpCode.SharpZipLib.dll.2.dr, Newtonsoft.Json.dll.8.dr, 6788d4.msi.2.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.drString found in binary or memory: http://www.digicert.com/CPS0
                              Source: AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.o
                              Source: AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.w3.oh
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.P
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.PhL
                              Source: rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.aterD
                              Source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A901B1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D2F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D7F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39BEF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.00000290800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2779F000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.8.dr, 
AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.19.dr, AlphaControlAgentInstallation.dll.4.drString found in binary or memory: https://agent-api.atera.com
                              Source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.8.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.19.dr, AlphaControlAgentInstallation.dll.4.drString found in binary or memory: https://agent-api.atera.com/
                              Source: AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D2F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D7F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39BEF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.00000290800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2779F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent
                              Source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.8.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.19.dr, AlphaControlAgentInstallation.dll.4.drString found in binary or memory: https://agent-api.atera.com/Production/Agent/
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/Age
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90367000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90833000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/AgentStarting)
                              Source: AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D2F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D7F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39BEF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.00000290800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2779F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/CommandResult
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9039A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B25000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands)
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90367000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommands0
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90367000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback0
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallback2
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetCommandsFallbackp
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A901B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetEnvironmentStatus
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages.ection
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/GetRecurringPackages.lationship
                              Source: rundll32.exe, 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://agent-api.atera.com/Production/Agent/track-event
                              Source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4594298646.0000029AA8B52000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440880883.00000232F0662000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.drString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json
                              Source: System.ValueTuple.dll.2.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
                              Source: System.ValueTuple.dll.2.drString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
                              Source: AteraAgent.exe, 00000010.00000002.4598030984.0000029AA9152000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.drString found in binary or memory: https://github.com/icsharpcode/SharpZipLib
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9029E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A90357000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90275000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgentI
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903EE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Availability/0.16/Agent.Package.Availability.zip
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903E2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.IotPoc/0.2/Agent.Package.IotPoc.zip
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903EE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/Agent.Package.Watchdog/1.5/Agent.Package.Watchdog.zip
                              Source: AteraAgent.exe, 00000010.00000002.4584191988.0000029A9031F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49923 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49871
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49992
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49934 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50302 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50199 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49988
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50216
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50215
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50254 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50139 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50151 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50210
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50059 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50211
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50214
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50328 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50107
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50186 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50221
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50102
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50222
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50289 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50162 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50117
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50230
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49918 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50110
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50113
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50234
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50233
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50001 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50175 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50198 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50037 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50249
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50006
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50248
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50129
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50255 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50120
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50093 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50240
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50001
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50123
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49895 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50048 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49941 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50306 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49733 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49871 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50129 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49965 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49942 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50081 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50304
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50306
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50117 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50278 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50070 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49988 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50302
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50046 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50304 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50233 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50316
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50318
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49953 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49815 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50311
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50312
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50205
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50326
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50325
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50207
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50328
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50329
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50316 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50322
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50290 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50185 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50054
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50175
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50296
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50298
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50176
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50179
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50299
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50059
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50180
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50061
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50063
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50102 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50010 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50274 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50186
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50185
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50067
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50113 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50205 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50240 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50216 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50070
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50191
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50192
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49823 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50275 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50075
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50078
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50199
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50198
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50081
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50085
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49847 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49822 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50089
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50136 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49983 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50093
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50096
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50023 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50139
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50019
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49951 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50149 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50010
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50131
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50254
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50135
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50255
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50078 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50015
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50136
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50161 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50261
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50260
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50215 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50230 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50028
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50149
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50299 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50142
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50318 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50023
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50146
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50145
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50269
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50268
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50151
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50067 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50329 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50298 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50274
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50031
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50155
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50154
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50275
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50278
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50037
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50158
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50041
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50162
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50283
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50161
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50089 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50043
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50284
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50289
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50046
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50048
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50290
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49962 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50051
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50214 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50145 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50311 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50260 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50283 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50248 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50180 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49924 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50099 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50031 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50043 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49992 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50312 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50249 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50192 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50054 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50207 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50006 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49942
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49941
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50296 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 50099
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50075 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50158 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 50135 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49833 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49815
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49934
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
                              Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811

                              Spam, unwanted Advertisements and Ransom Demands

                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Security\AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Key opened: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\System\AlphaAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Process Stats: CPU usage > 49%
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6788d2.msi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI8AD6.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSI90F1.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA257.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\inprogressinstallinfo.ipi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\SourceHash{E732A0D7-A2F2-4657-AC41-B19742648E45}
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA873.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA883.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA8E2.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIA9DD.tmp
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\6788d4.msi
                              Source: C:\Windows\System32\msiexec.exe File created: C:\Windows\Installer\MSIBFA8.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI8AD6.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI8AD6.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI8AD6.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI8AD6.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI8AD6.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI8AD6.tmp-\CustomAction.config
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI90F1.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI90F1.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI90F1.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI90F1.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSI90F1.tmp-\CustomAction.config
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA257.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA257.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA257.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA257.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA257.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe File created: C:\Windows\Installer\MSIA257.tmp-\CustomAction.config
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe File created: C:\Windows\system32\InstallUtil.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\329B6147266C1E26CD774EA22B79EC2E
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIBFA8.tmp-
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIBFA8.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIBFA8.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIBFA8.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Windows\Installer\MSIBFA8.tmp-\CustomAction.config
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                              Source: C:\Windows\System32\msiexec.exeFile deleted: C:\Windows\Installer\MSI8AD6.tmpJump to behavior
Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
Source: Joe Sandbox View Dropped File: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll 443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
Source: 9rSeCZbjZE.msi Binary or memory string: OriginalFilenameAlphaControlAgentInstallation.dll\ vs 9rSeCZbjZE.msi
Source: 9rSeCZbjZE.msi Binary or memory string: OriginalFilenameSfxCA.dll\ vs 9rSeCZbjZE.msi
Source: 9rSeCZbjZE.msi Binary or memory string: OriginalFilenamewixca.dll\ vs 9rSeCZbjZE.msi
Source: ICSharpCode.SharpZipLib.dll.2.dr, InflaterInputBuffer.cs Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.2.dr, DeflaterOutputStream.cs Cryptographic APIs: 'TransformBlock'
Source: ICSharpCode.SharpZipLib.dll.2.dr, ZipAESTransform.cs Cryptographic APIs: 'TransformBlock'
                              Source: AteraAgent.exe.2.dr, SignatureValidator.csBase64 encoded string: 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YmxeR/2wifvwd/MQXb/5tsLsvlMs50tmraklX8MKsU1EgEpRZ+W0Ro1ZHoLhQG53oq9hPz9bmJge78yZr6l1QJWz6wCj+yQUxM5f0gt4fHEf2yA94Tklnds7JPr2vQRb5rjAnxnt7722oWFc1bxFFsIcIhOI/EHYCE0qSPE1pKMXALkHZYoDQEFUu3YgEc0Oo7ClJNFrB75g6tVZRqGKxVvYQBb9zKDxhBRnDkhZuB7D1gRaR9PNwCr7tVtPt40c+CCf5ktUkeu4JzaiEipWvKYgRvotqsFtZF5uFso2UmdvxO+lIw9i/GPDfgS4JhKu/Y9lCuaan+xEluhSK0vpQIDAQAB'
                              Source: classification engineClassification label: mal88.troj.spyw.evad.winMSI@54/78@33/3
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Program Files (x86)\ATERA NetworksJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rundll32.exe.logJump to behavior
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3548:120:WilError_03
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeMutant created: NULL
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMutant created: \Sessions\1\BaseNamedObjects\Global\netfxeventlog.1.0
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4464:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1864:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6288:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:6812:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:1352:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:5676:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:3212:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6552:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:280:120:WilError_03
                              Source: C:\Windows\System32\conhost.exeMutant created: \BaseNamedObjects\Local\SM0:4412:120:WilError_03
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeMutant created: \BaseNamedObjects\Global\netfxeventlog.1.0
                              Source: C:\Windows\System32\msiexec.exeFile created: C:\Windows\TEMP\~DF329B2876A41199DB.TMPJump to behavior
                              Source: C:\Windows\SysWOW64\rundll32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Windows\SysWOW64\taskkill.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process WHERE ( Caption = &quot;AteraAgent.exe&quot;)
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Windows\System32\conhost.exe, WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, File read: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
Source: C:\Windows\System32\msiexec.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA
Source: C:\Windows\SysWOW64\msiexec.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI8AD6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6786046 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: 9rSeCZbjZE.msi, Static file information: TRID: Microsoft Windows Installer (60509/1) 57.88%
Source: 9rSeCZbjZE.msi, ReversingLabs: Detection: 26%
Source: unknown, Process created: C:\Windows\System32\msiexec.exe "C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\9rSeCZbjZE.msi"
Source: unknown, Process created: C:\Windows\System32\msiexec.exe C:\Windows\system32\msiexec.exe /V
Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 91E370BBCC1D3B173FA78F8D350BDC0E
Source: C:\Windows\SysWOW64\msiexec.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI8AD6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6786046 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Source: C:\Windows\SysWOW64\msiexec.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSI90F1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6787359 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Source: unknown, Process created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Source: C:\Windows\SysWOW64\msiexec.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIA257.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6791812 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
Source: C:\Windows\System32\msiexec.exe, Process created: C:\Windows\SysWOW64\msiexec.exe C:\Windows\syswow64\MsiExec.exe -Embedding 94F3C551036B6C48A24EF7F120DCA15A E Global\MSI0000
Source: C:\Windows\SysWOW64\msiexec.exe, Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
Source: C:\Windows\SysWOW64\net.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\net.exe, Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
Source: C:\Windows\SysWOW64\msiexec.exe, Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
Source: C:\Windows\SysWOW64\taskkill.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\msiexec.exe, Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="Moshe@nlc.co.il" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000MFxEPIA1" /AgentId="95230b78-0b09-4026-a7c5-5fe4c9d15b4c"
Source: unknown, Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\msiexec.exe, Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe "C:\Windows\Installer\MSIBFA8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6799296 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "172d5505-5af0-4cb3-8690-0091fd98422a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "5232f273-c62e-437a-a74a-dca82f700d20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Windows\SysWOW64\rundll32.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "79c2d964-37c1-436b-8678-a4e34369f725" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "63fd8206-ed43-4ef7-8433-4a2d0eb92cc2" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "ac52b191-a405-4d89-8808-a9c06c02ac20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "05b46de6-24e7-4784-8ae7-29fe3f62e039" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "72b97848-a05f-4dfa-a8b2-0f7698832a4d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "9b12e3ad-6f98-4af0-a9fc-ab8da217520c" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Process created: unknown unknown
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: cabinet.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: licensemanagersvc.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: licensemanager.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: clipc.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: windows.staterepositorycore.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: windows.networking.connectivity.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dllJump to behavior
                              Source: C:\Windows\System32\svchost.exeSection loaded: wintypes.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: aclayers.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: sfc_os.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: msi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\msiexec.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: wkscli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: samcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: samcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: dsrole.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: wkscli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: logoncli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\net1.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: version.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: mpr.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: framedynos.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: dbghelp.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: winsta.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Windows\SysWOW64\taskkill.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mscoree.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: apphelp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: kernel.appcore.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: version.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: uxtheme.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.storage.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wldp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: profapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptsp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rsaenh.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptbase.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: propsys.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: riched20.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: usp10.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msls31.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptnet.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iphlpapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: webio.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dllJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: propsys.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: edputil.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: urlmon.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iertutil.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: srvcli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: netutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: windows.staterepositoryps.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wintypes.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: appresolver.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: bcp47langs.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: slc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: sppc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecorecommonproxystub.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: onecoreuapcommonproxystub.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: cryptnet.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: webio.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: apphelp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rsaenh.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: cryptbase.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: windows.storage.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wldp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: profapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: wbemcomn.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: amsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: userenv.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Section loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasapi32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasman.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rtutils.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mswsock.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winhttp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ondemandconnroutehelper.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: iphlpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc6.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dhcpcsvc.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: dnsapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: winnsi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rasadhlp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: fwpuclnt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: secur32.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: sspicli.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: schannel.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mskeyprotect.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ntasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncrypt.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ncryptsslp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: msasn1.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: gpapi.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: mscoree.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: kernel.appcore.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: version.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: vcruntime140_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: ucrtbase_clr0400.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: cryptsp.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeSection loaded: rsaenh.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0A29FF9E-7F9C-4437-8B11-F424491E3931}\InprocServer32
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile written: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.ini
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile opened: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorrc.dll
                              Source: 9rSeCZbjZE.msiStatic file information: File size 2994176 > 1048576
                              Source: Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdbenSC source: rundll32.exe, 00000005.00000002.2197833855.0000000007100000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\symbols\dll\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2196071130.0000000002A09000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195673574.0000000002A08000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2320385301.0000000002E67000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb<$ source: AteraAgent.exe, 0000000F.00000000.2228891996.00000227F6792000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.2.dr
                              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbi]M source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: l\System.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdb source: AgentPackageAgentInformation.exe, 00000018.00000002.2439909255.00000232D78B2000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.16.dr
                              Source: Binary string: \??\C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdbrePerm source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdbS* source: rundll32.exe, 00000013.00000002.2320385301.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.PDB source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\AlphaControlAgentInstallation.pdb0 source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: nC:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2195934236.00000000025D7000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\System.pdb'( source: rundll32.exe, 00000005.00000002.2197833855.00000000070F2000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: BouncyCastle.Crypto.pdbSHA256 source: BouncyCastle.Crypto.dll.2.dr
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdb source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgent\obj\Release\AteraAgent.pdb source: AteraAgent.exe, 0000000F.00000000.2228891996.00000227F6792000.00000002.00000001.01000000.0000000F.sdmp, AteraAgent.exe.2.dr
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdbSHA256 source: System.ValueTuple.dll.2.dr
                              Source: Binary string: \??\C:\Windows\System.pdb?+2 source: rundll32.exe, 00000005.00000002.2197833855.00000000070F2000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2196071130.00000000029A5000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195750211.00000000029A5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\Windows\System.pdbpdbtem.pdb| source: rundll32.exe, 00000005.00000003.2195627530.0000000007105000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdbSHA256mW source: AteraAgent.exe, 00000010.00000002.4598030984.0000029AA9152000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.dr
                              Source: Binary string: /_/src/ICSharpCode.SharpZipLib/obj/Release/net45/ICSharpCode.SharpZipLib.pdb source: AteraAgent.exe, 00000010.00000002.4598030984.0000029AA9152000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA2567 source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4594298646.0000029AA8B52000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr
                              Source: Binary string: \??\C:\Windows\symbols\dll\System.pdb source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\AgentPackageAgentInformation\AgentPackageAgentInformation\obj\Release\AgentPackageAgentInformation.pdb source: AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8E62000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000000.2414703923.000002CDA0242000.00000002.00000001.01000000.00000016.sdmp, AgentPackageAgentInformation.exe.16.dr
                              Source: Binary string: nC:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000013.00000002.2320072167.0000000002937000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A09000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195627530.0000000007105000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195673574.0000000002A08000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.8.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.19.dr, AlphaControlAgentInstallation.dll.4.dr
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb3Z source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: HP~n\C:\Windows\AlphaControlAgentInstallation.pdb source: rundll32.exe, 00000005.00000002.2195934236.00000000025D7000.00000004.00000010.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2320072167.0000000002937000.00000004.00000010.00020000.00000000.sdmp
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256 source: AgentPackageAgentInformation.exe, 00000018.00000002.2440880883.00000232F0662000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.16.dr
                              Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: rundll32.exe, 00000004.00000003.2145704087.000000000407A000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.000000000452E000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004255000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4594298646.0000029AA8B52000.00000002.00000001.01000000.0000001A.sdmp, rundll32.exe, 00000013.00000003.2275227781.00000000048AA000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440880883.00000232F0662000.00000002.00000001.01000000.00000019.sdmp, Newtonsoft.Json.dll.8.dr, Newtonsoft.Json.dll.16.dr, Newtonsoft.Json.dll.4.dr, Newtonsoft.Json.dll.2.dr, Newtonsoft.Json.dll.5.dr, Newtonsoft.Json.dll.19.dr
                              Source: Binary string: E:\A\_work\39\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.ValueTuple\netstandard1.0\System.ValueTuple.pdb source: System.ValueTuple.dll.2.dr
                              Source: Binary string: D:\a\1\s\AlphaControlAgentInstallation\obj\Release\AlphaControlAgentInstallation.pdbJ source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\wixca.pdb source: 9rSeCZbjZE.msi, 6788d4.msi.2.dr, MSIA883.tmp.2.dr, 6788d2.msi.2.dr, MSIA9DD.tmp.2.dr, MSIA8E2.tmp.2.dr, MSIA873.tmp.2.dr
                              Source: Binary string: \??\C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.PDBV source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\obj\ship\x86\WindowsInstaller\Microsoft.Deployment.WindowsInstaller.pdbP source: rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.dr
                              Source: Binary string: \??\C:\Windows\System.pdb source: rundll32.exe, 00000013.00000002.2320385301.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.pdbc source: rundll32.exe, 00000013.00000002.2320385301.0000000002E05000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\1\s\Atera.AgentPackage.Common\obj\Release\Atera.AgentPackage.Common.pdbPf source: AgentPackageAgentInformation.exe, 00000018.00000002.2439909255.00000232D78B2000.00000002.00000001.01000000.00000018.sdmp, Atera.AgentPackage.Common.dll.16.dr
                              Source: Binary string: \??\C:\Windows\dll\AlphaControlAgentInstallation.pdbEER? source: rundll32.exe, 00000005.00000002.2197833855.0000000007100000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: mscorlib.pdb source: AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\Windows\AlphaControlAgentInstallation.pdbpdbion.pdb> source: rundll32.exe, 00000013.00000002.2320385301.0000000002EB0000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: \??\C:\Windows\Microsoft.Net\assembly\GAC_MSIL\System\v4.0_4.0.0.0__b77a5c561934e089\System.pdb source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2320385301.0000000002E7B000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdbSHA256 source: AteraAgent.exe, 0000000F.00000002.2262252437.00000227F86B2000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.2.dr
                              Source: Binary string: D:\a\c-sharp\c-sharp\src\Api\PubnubApi\obj\Release\net45\Pubnub.pdb source: AteraAgent.exe, 0000000F.00000002.2262252437.00000227F86B2000.00000002.00000001.01000000.00000011.sdmp, Pubnub.dll.2.dr
                              Source: Binary string: l\System.pdba.co source: rundll32.exe, 00000005.00000003.2195673574.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196071130.0000000002A1D000.00000004.00000020.00020000.00000000.sdmp
                              Source: Binary string: C:\agent\_work\66\s\build\ship\x86\SfxCA.pdb source: 9rSeCZbjZE.msi, MSIA257.tmp.2.dr, MSIBFA8.tmp.2.dr, 6788d4.msi.2.dr, MSI90F1.tmp.2.dr, 6788d2.msi.2.dr, MSI8AD6.tmp.2.dr
                              Source: Binary string: BouncyCastle.Crypto.pdb source: BouncyCastle.Crypto.dll.2.dr
                              Source: BouncyCastle.Crypto.dll.2.drStatic PE information: 0xE49A52B3 [Sun Jul 15 06:22:43 2091 UTC]
                              Source: MSI90F1.tmp.2.drStatic PE information: real checksum: 0x32353 should be: 0x88610
                              Source: MSIBFA8.tmp.2.drStatic PE information: real checksum: 0x32353 should be: 0x88610
                              Source: MSIA257.tmp.2.drStatic PE information: real checksum: 0x32353 should be: 0x88610
                              Source: MSI8AD6.tmp.2.drStatic PE information: real checksum: 0x32353 should be: 0x88610
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_3_06A857B8 push es; ret 5_3_06A85840
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_3_06A84E90 push es; ret 5_3_06A84EA0
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_3_06A8B235 push ds; ret 5_3_06A8B243
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_3_06A8D1A1 push es; ret 5_3_06A8D1B0
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_3_06A8DDC0 push es; ret 5_3_06A8DDD0
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_3_06A858B0 push es; ret 5_3_06A858C0
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_3_06A858D1 push es; ret 5_3_06A858E0
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 5_3_06B618F0 push es; ret 5_3_06B61900
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 15_2_00007FFD341200BD pushad ; iretd 15_2_00007FFD341200C1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 16_2_00007FFD341300BD pushad ; iretd 16_2_00007FFD341300C1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 16_2_00007FFD3414CA08 push FFFFFFE8h; ret 16_2_00007FFD3414CCF9
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 16_2_00007FFD34150AFB pushad ; ret 16_2_00007FFD34150B01
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 16_2_00007FFD34345FE4 push eax; ret 16_2_00007FFD34346014
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeCode function: 16_2_00007FFD34340421 push eax; ret 16_2_00007FFD34340444
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 19_3_06E257B8 push es; ret 19_3_06E25840
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 19_3_06E24EB0 push es; ret 19_3_06E24EA0
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 19_3_06E24E90 push es; ret 19_3_06E24EA0
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 19_3_06E258F0 push es; ret 19_3_06E25900
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 19_3_06E258D1 push es; ret 19_3_06E258E0
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 19_3_06E258B0 push es; ret 19_3_06E258C0
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 19_3_06E25910 push es; ret 19_3_06E25920
                              Source: C:\Windows\SysWOW64\rundll32.exeCode function: 19_3_06F084A1 push es; ret 19_3_06F084B0
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 22_2_00007FFD34145587 push ebp; iretd 22_2_00007FFD341455D8
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 22_2_00007FFD341300BD pushad ; iretd 22_2_00007FFD341300C1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 24_2_00007FFD34155587 push ebp; iretd 24_2_00007FFD341555D8
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 24_2_00007FFD341400BD pushad ; iretd 24_2_00007FFD341400C1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 27_2_00007FFD341300BD pushad ; iretd 27_2_00007FFD341300C1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 27_2_00007FFD34145587 push ebp; iretd 27_2_00007FFD341455D8
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 29_2_00007FFD34125587 push ebp; iretd 29_2_00007FFD341255D8
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 29_2_00007FFD341100BD pushad ; iretd 29_2_00007FFD341100C1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeCode function: 31_2_00007FFD341100BD pushad ; iretd 31_2_00007FFD341100C1

                              Persistence and Installation Behavior

                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_DEB07B5578A606ED6489DDA2E357A944
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C56C4404C4DEF0DC88E5FCD9F09CB2F1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2E248BEDDBB2D85122423C41028BFD4
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BA74182F76F15A9CF514DEF352303C95
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BA74182F76F15A9CF514DEF352303C95
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\1A374813EDB1A6631387E414D3E73232
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\1A374813EDB1A6631387E414D3E73232
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\329B6147266C1E26CD774EA22B79EC2E
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeFile created: C:\Windows\system32\config\systemprofile\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\329B6147266C1E26CD774EA22B79EC2E
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeFile created: C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\AgentPackageAgentInformation.exe.log
                              Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIBFA8.tmp
                              Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIA257.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSI90F1.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIA8E2.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSI90F1.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                              Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSI8AD6.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSIBFA8.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSIA257.tmp-\System.Management.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSIA257.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSI8AD6.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIA9DD.tmp
                              Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                              Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSIA257.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSIA257.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSIBFA8.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe | File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                              Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSIA883.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSI8AD6.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSIBFA8.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSI90F1.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSI8AD6.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI90F1.tmp
                              Source: C:\Windows\System32\msiexec.exe | File created: C:\Windows\Installer\MSI8AD6.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exe | File created: C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | File created: C:\Windows\system32\InstallUtil.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | File created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Registry key created: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EventLog\Application
                              Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Registry key monitored for changes: HKEY_USERS\.DEFAULT\Software\Classes
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Key value created or modified: HKEY_USERS\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates\7B0F360B775F76C94A12CA48445AA2D2A875701C Blob
                              Source: C:\Windows\System32\msiexec.exe | Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\System32\msiexec.exe | Process information set: NOGPFAULTERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exe | Process information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process information set: NOGPFAULTERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOGPFAULTERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOX
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Process information set: NOOPENFILEERRORBOX

                              Malware Analysis System Evasion

                              Source: C:\Windows\SysWOW64\rundll32.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                              Source: C:\Windows\System32\conhost.exe WMI Queries: IWbemServices::ExecQuery - root\cimv2 : select * from Win32_NetworkAdapter
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 227F6AE0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 227F87B0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 29A8FBE0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe Memory allocated: 29AA81B0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 2CDA0670000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 2CDB8C70000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 232D7850000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 232EFEF0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 13A39300000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 13A51B30000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1BC18B60000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1BC31150000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 290FBB30000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 290FC0E0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 24D74D20000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 24D74F00000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 18F7EA50000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 18F7F070000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1EF26F80000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe Memory allocated: 1EF3F6E0000 memory reserve | memory write watch
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWindow / User API: threadDelayed 3952
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWindow / User API: threadDelayed 5805
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIBFA8.tmp
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA257.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI90F1.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA8E2.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI90F1.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIBFA8.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI8AD6.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA257.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA257.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI8AD6.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA9DD.tmp
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA257.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA257.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIBFA8.tmp-\Newtonsoft.Json.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI8AD6.tmp-\Microsoft.Deployment.WindowsInstaller.dll
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSIA883.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIBFA8.tmp-\System.Management.dll
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI90F1.tmp-\System.Management.dll
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI90F1.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSI8AD6.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\System32\msiexec.exeDropped PE file which has not been started: C:\Windows\Installer\MSI8AD6.tmp
                              Source: C:\Windows\SysWOW64\rundll32.exeDropped PE file which has not been started: C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.dll
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 4948Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 2612Thread sleep time: -60000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 712Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5368Thread sleep count: 3952 > 30
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 5368Thread sleep count: 5805 > 30
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3532Thread sleep time: -25825441703193356s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3532Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3176Thread sleep time: -130000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 6700Thread sleep time: -3689348814741908s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe TID: 3616Thread sleep time: -90000s >= -30000s
                              Source: C:\Windows\SysWOW64\rundll32.exe TID: 2324Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 420Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 4576Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5004Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 6232Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 424Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 3800Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 424Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 4048Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5004Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 7128Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 2132Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 348Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5704Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5656Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5844Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 5756Thread sleep time: -30000s >= -30000s
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe TID: 4512Thread sleep time: -922337203685477s >= -30000s
                              Source: C:\Windows\SysWOW64\rundll32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                              Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select Manufacturer,Model,Product from Win32_BaseBoard
                              Source: C:\Windows\System32\sc.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : select PartOfDomain FROM Win32_ComputerSystem
                              Source: C:\Windows\SysWOW64\rundll32.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Windows\System32\conhost.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select Name from Win32_Processor
                              Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                              Source: C:\Windows\System32\msiexec.exeFile Volume queried: C:\ FullSizeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 30000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 922337203685477
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeThread delayed: delay time: 90000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeThread delayed: delay time: 922337203685477
                              Source: AgentPackageAgentInformation.exe.16.drBinary or memory string: VIRUSfighterAVMware Carbon Black Cloud Sensor7VMware Carbon Black Defense/VMware Carbon Black EDR9VMware Carbon Black Response
                              Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F85B0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWR
                              Source: AteraAgent.exe, 00000010.00000002.4595230345.0000029AA8DE2000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW!~7h
                              Source: AteraAgent.exe, 0000000F.00000002.2261733675.00000227F86A6000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 0000000F.00000002.2261733675.00000227F8641000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4592637429.0000029AA8AA5000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4597251992.0000029AA8E91000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                              Source: AgentPackageAgentInformation.exe, 00000021.00000002.3437826124.0000024D75766000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll,
                              Source: AgentPackageAgentInformation.exe, 00000016.00000002.2441265655.000002CDB94E4000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllee<
                              Source: rundll32.exe, 00000005.00000002.2196071130.0000000002A09000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2195673574.0000000002A08000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllC
                              Source: rundll32.exe, 00000013.00000002.2320385301.0000000002E67000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2441336771.00000232F0858000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3086206858.0000013A52359000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3088315792.000001BC31A60000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3354507782.00000290FCA31000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3541368660.0000018F7F942000.00000004.00000020.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3628398642.000001EF275D0000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                              Source: C:\Windows\System32\msiexec.exeProcess information queried: ProcessInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess token adjusted: Debug
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exeProcess token adjusted: Debug
                              Source: C:\Windows\SysWOW64\rundll32.exeMemory allocated: page read and write | page guard
                              Source: C:\Windows\System32\msiexec.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="Moshe@nlc.co.il" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000MFxEPIA1" /AgentId="95230b78-0b09-4026-a7c5-5fe4c9d15b4c"
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\net.exe "NET" STOP AteraAgent
                              Source: C:\Windows\SysWOW64\msiexec.exeProcess created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                              Source: C:\Windows\SysWOW64\net.exeProcess created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 STOP AteraAgent
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Windows\System32\sc.exe "C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "172d5505-5af0-4cb3-8690-0091fd98422a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exeProcess created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "5232f273-c62e-437a-a74a-dca82f700d20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "79c2d964-37c1-436b-8678-a4e34369f725" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "63fd8206-ed43-4ef7-8433-4a2d0eb92cc2" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "ac52b191-a405-4d89-8808-a9c06c02ac20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "05b46de6-24e7-4784-8ae7-29fe3f62e039" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "72b97848-a05f-4dfa-a8b2-0f7698832a4d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "9b12e3ad-6f98-4af0-a9fc-ab8da217520c" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: unknown unknown
                              Source: C:\Windows\SysWOW64\msiexec.exe | Process created: C:\Windows\SysWOW64\taskkill.exe "TaskKill.exe" /f /im AteraAgent.exe
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "172d5505-5af0-4cb3-8690-0091fd98422a" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "5232f273-c62e-437a-a74a-dca82f700d20" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "79c2d964-37c1-436b-8678-a4e34369f725" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "63fd8206-ed43-4ef7-8433-4a2d0eb92cc2" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "ac52b191-a405-4d89-8808-a9c06c02ac20" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "05b46de6-24e7-4784-8ae7-29fe3f62e039" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "72b97848-a05f-4dfa-a8b2-0f7698832a4d" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Process created: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe "c:\program files (x86)\atera networks\ateraagent\packages\agentpackageagentinformation\agentpackageagentinformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "9b12e3ad-6f98-4af0-a9fc-ab8da217520c" agent-api.atera.com/production 443 or8ixli90mf "minimalidentification" 001q300000mfxepia1
                              Source: C:\Windows\System32\msiexec.exe | Queries volume information: C:\ VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSI8AD6.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSI8AD6.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSI90F1.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSI90F1.tmp-\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIA257.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIA257.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Internals\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Internals.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIBFA8.tmp-\Microsoft.Deployment.WindowsInstaller.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Installer\MSIBFA8.tmp-\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Queries volume information: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll VolumeInformation
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_64\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                              Source: C:\Windows\SysWOW64\rundll32.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                              Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 Blob

                              Remote Access Functionality

                              Source: Yara match | File source: 24.2.AgentPackageAgentInformation.exe.232d78a0000.1.unpack, type: UNPACKEDPE
                              Source: Yara match | File source: 15.0.AteraAgent.exe.227f6790000.0.unpack, type: UNPACKEDPE
                              Source: Yara match | File source: 22.0.AgentPackageAgentInformation.exe.2cda0240000.0.unpack, type: UNPACKEDPE
                              Source: Yara matchFile source: 00000018.00000002.2439909255.00000232D78B2000.00000002.00000001.01000000.00000018.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000010.00000002.4584191988.0000029A901B1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001B.00000002.3079848462.0000013A39378000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001F.00000002.3353498099.00000290FB940000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.3081775812.000001BC189A5000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000016.00000002.2440110075.000002CDA0CE3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000018.00000002.2439303266.00000232D775B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000025.00000002.3629811902.000001EF2779F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.3085296572.000001BC19197000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000F.00000002.2270357117.00000227F8FD0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000F.00000002.2260756977.00000227F69E6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000016.00000002.2439180318.000002CDA0310000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000018.00000002.2439120515.00000232D7690000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001F.00000002.3342887037.0000029080047000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.3081521658.000001BC18920000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001B.00000002.3079848462.0000013A393B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001F.00000002.3342887037.0000029080083000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001B.00000002.3081892011.0000013A395F0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.3081172588.000001BC188C0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000F.00000002.2259421708.0000022780132000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001B.00000002.3083850156.0000013A39B31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001F.00000002.3342887037.0000029080073000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000010.00000002.4584191988.0000029A90833000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000021.00000002.3432709882.0000024D000BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000025.00000002.3629811902.000001EF27763000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000018.00000002.2440060207.00000232D7F73000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000016.00000000.2414703923.000002CDA0242000.00000002.00000001.01000000.00000016.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000002.3536757175.0000018F000BF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000002.3539340207.0000018F7E91B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000016.00000002.2440110075.000002CDA0CF3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001B.00000002.3079848462.0000013A3936C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000025.00000002.3623340432.000001EF26F99000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000F.00000002.2260756977.00000227F6A6F000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001B.00000002.3083850156.0000013A39B77000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000010.00000002.4595230345.0000029AA8D5D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000010.00000002.4593698303.0000029AA8B39000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000002.3541063423.0000018F7EA70000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000002.3536757175.0000018F00047000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000002.3536757175.0000018F00001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.3081775812.000001BC1893B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000025.00000002.3623340432.000001EF26FD1000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000010.00000002.4582467774.0000029A8F91E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000F.00000002.2259421708.0000022780001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000021.00000002.3437826124.0000024D75766000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000F.00000002.2260756977.00000227F69E0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.3081775812.000001BC18963000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000010.00000002.4584191988.0000029A90B25000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001F.00000002.3352740799.00000290FB8CB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000021.00000002.3436279705.0000024D7475C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001B.00000002.3083850156.0000013A39BB3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.3081775812.000001BC1895B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000025.00000002.3629811902.000001EF27727000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.3085296572.000001BC1920F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000018.00000002.2439303266.00000232D777C000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000025.00000002.3623340432.000001EF26FCB000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000025.00000002.3623340432.000001EF26F90000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001F.00000002.3346479513.00000290FB898000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000021.00000002.3436279705.0000024D74728000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.3085296572.000001BC191D3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000010.00000002.4582320301.0000029A8F870000.00000004.00000020.00040000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000F.00000002.2260756977.00000227F6A21000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001B.00000002.3083850156.0000013A39BEF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000F.00000002.2260756977.00000227F6AAD000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001D.00000002.3085296572.000001BC191C3000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000016.00000002.2440110075.000002CDA0D2F000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000021.00000002.3436279705.0000024D747A4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000025.00000002.3629811902.000001EF27753000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001F.00000002.3342887037.0000029080001000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000021.00000002.3436279705.0000024D74720000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000001B.00000002.3079848462.0000013A3934B000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000023.00000002.3536757175.0000018F00073000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000018.00000002.2439303266.00000232D7740000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000025.00000002.3623340432.000001EF27050000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 0000000F.00000002.2270413033.00000227F901D000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000010.00000002.4582467774.0000029A8F96A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
                              Source: Yara matchFile source: 00000018.00000002.2440060207.00000232D7EF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 2012, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 3664, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 1008, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AteraAgent.exe PID: 3320, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AteraAgent.exe PID: 2404, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: rundll32.exe PID: 4788, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 2548, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 3664, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 6304, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 5728, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 3756, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 6684, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 4080, type: MEMORYSTR
Source: Yara match, File source: Process Memory Space: AgentPackageAgentInformation.exe PID: 5820, type: MEMORYSTR
Source: Yara match, File source: C:\Windows\Temp\~DFE286531BC9E5DA5B.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF03F7F4E9FB6913B4.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF9BE70E11C712AC71.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF605B4EFF8857F184.TMP, type: DROPPED
Source: Yara match, File source: C:\Config.Msi\6788d3.rbs, type: DROPPED
Source: Yara match, File source: C:\Windows\System32\InstallUtil.InstallLog, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF861F9EB41197E865.TMP, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSIA257.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\inprogressinstallinfo.ipi, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSI8AD6.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.dll, type: DROPPED
Source: Yara match, File source: C:\Windows\Temp\~DF329B2876A41199DB.TMP, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, type: DROPPED
Source: Yara match, File source: C:\Windows\Installer\MSIA873.tmp, type: DROPPED
Source: Yara match, File source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, type: DROPPED
Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact
Gather Victim Identity Information | Acquire Infrastructure | 1 Replication Through Removable Media | 131 Windows Management Instrumentation | 1 DLL Side-Loading | 1 DLL Side-Loading | 21 Disable or Modify Tools | OS Credential Dumping | 11 Peripheral Device Discovery | Remote Services | 11 Archive Collected Data | 1 Ingress Tool Transfer | Exfiltration Over Other Network Medium | Abuse Accessibility Features
Credentials | Domains | Default Accounts | 1 Command and Scripting Interpreter | 21 Windows Service | 21 Windows Service | 1 Deobfuscate/Decode Files or Information | LSASS Memory | 2 File and Directory Discovery | Remote Desktop Protocol | Data from Removable Media | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service
Email Addresses | DNS Server | Domain Accounts | 11 Service Execution | Logon Script (Windows) | 11 Process Injection | 21 Obfuscated Files or Information | Security Account Manager | 34 System Information Discovery | SMB/Windows Admin Shares | Data from Network Shared Drive | 2 Non-Application Layer Protocol | Automated Exfiltration | Data Encrypted for Impact
Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 1 Timestomp | NTDS | 1 Query Registry | Distributed Component Object Model | Input Capture | 3 Application Layer Protocol | Traffic Duplication | Data Destruction
Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 1 DLL Side-Loading | LSA Secrets | 221 Security Software Discovery | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact
Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 1 File Deletion | Cached Domain Credentials | 1 Process Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop
DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | 122 Masquerading | DCSync | 151 Virtualization/Sandbox Evasion | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery
Network Trust Dependencies | Serverless | Drive-by Compromise | Container Orchestration Job | Scheduled Task/Job | Scheduled Task/Job | 1 Modify Registry | Proc Filesystem | 1 Application Window Discovery | Cloud Services | Credential API Hooking | Application Layer Protocol | Exfiltration Over Alternative Protocol | Defacement
Network Topology | Malvertising | Exploit Public-Facing Application | Command and Scripting Interpreter | At | At | 151 Virtualization/Sandbox Evasion | /etc/passwd and /etc/shadow | Network Sniffing | Direct Cloud VM Connections | Data Staged | Web Protocols | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Internal Defacement
IP Addresses | Compromise Infrastructure | Supply Chain Compromise | PowerShell | Cron | Cron | 11 Process Injection | Network Sniffing | Network Service Discovery | Shared Webroot | Local Data Staging | File Transfer Protocols | Exfiltration Over Asymmetric Encrypted Non-C2 Protocol | External Defacement
Network Security Appliances | Domains | Compromise Software Dependencies and Development Tools | AppleScript | Launchd | Launchd | 1 Rundll32 | Input Capture | System Network Connections Discovery | Software Deployment Tools | Remote Data Staging | Mail Protocols | Exfiltration Over Unencrypted Non-C2 Protocol | Firmware Corruption
[Behavior graph: Behavior Graph ID: 1524429, Sample: 9rSeCZbjZE.msi, Startdate: 02/10/2024, Architecture: WINDOWS, Score: 88]

Source | Detection | Scanner | Label | Link
9rSeCZbjZE.msi | 26% | ReversingLabs | Win32.Trojan.Atera

Source | Detection | Scanner | Label | Link
C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | 26% | ReversingLabs | Win32.Trojan.Atera
C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll | 0% | ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\ICSharpCode.SharpZipLib.dll | 0% | ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Newtonsoft.Json.dll | 0% | ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe | 0% | ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll | 0% | ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Newtonsoft.Json.dll | 0% | ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\Pubnub.dll | 0% | ReversingLabs
C:\Program Files (x86)\ATERA Networks\AteraAgent\System.ValueTuple.dll | 0% | ReversingLabs
C:\Windows\Installer\MSI8AD6.tmp | 0% | ReversingLabs
C:\Windows\Installer\MSI8AD6.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs
C:\Windows\Installer\MSI8AD6.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs
C:\Windows\Installer\MSI8AD6.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs
C:\Windows\Installer\MSI8AD6.tmp-\System.Management.dll | 0% | ReversingLabs
C:\Windows\Installer\MSI90F1.tmp | 0% | ReversingLabs
C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs
C:\Windows\Installer\MSI90F1.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs
C:\Windows\Installer\MSI90F1.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs
C:\Windows\Installer\MSI90F1.tmp-\System.Management.dll | 0% | ReversingLabs
C:\Windows\Installer\MSIA257.tmp | 0% | ReversingLabs
C:\Windows\Installer\MSIA257.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs
C:\Windows\Installer\MSIA257.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs
C:\Windows\Installer\MSIA257.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs
C:\Windows\Installer\MSIA257.tmp-\System.Management.dll | 0% | ReversingLabs
C:\Windows\Installer\MSIA883.tmp | 0% | ReversingLabs
C:\Windows\Installer\MSIA8E2.tmp | 0% | ReversingLabs
C:\Windows\Installer\MSIA9DD.tmp | 0% | ReversingLabs
C:\Windows\Installer\MSIBFA8.tmp | 0% | ReversingLabs
C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.dll | 0% | ReversingLabs
C:\Windows\Installer\MSIBFA8.tmp-\Microsoft.Deployment.WindowsInstaller.dll | 0% | ReversingLabs
C:\Windows\Installer\MSIBFA8.tmp-\Newtonsoft.Json.dll | 0% | ReversingLabs
C:\Windows\Installer\MSIBFA8.tmp-\System.Management.dll | 0% | ReversingLabs
                              No Antivirus matches
                              No Antivirus matches
Source | Detection | Scanner | Label | Link
http://crl.microsoft | 0% | URL Reputation | safe
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | 0% | URL Reputation | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ps.pndsn.com | 35.157.63.229 | true | false | | unknown
d25btwd9wax8gu.cloudfront.net | 13.35.58.104 | true | false | | unknown
fp2e7a.wpc.phicdn.net | 192.229.221.95 | true | false | | unknown
ps.atera.com | unknown | unknown | false | | unknown
agent-api.atera.com | unknown | unknown | false | | unknown
                                                                                                                                                                      unknown
                                                                                                                                                                      https://agent-api.atera.com/Production/Agent/AgentStarting)AteraAgent.exe, 00000010.00000002.4584191988.0000029A90833000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        unknown
                                                                                                                                                                        https://ps.atera.com/agentpackagesmac/AgentPackageAgentInformation/37.9/AgentPackageAgentInformationAteraAgent.exe, 00000010.00000002.4584191988.0000029A9031F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034B000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          unknown
                                                                                                                                                                          https://ps.pndsn.comAteraAgent.exe, 00000010.00000002.4584191988.0000029A9021A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                            unknown
                                                                                                                                                                            https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=68d2cd14-add9-4c6c-a93e-77e26890884eAteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              unknown
                                                                                                                                                                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namerundll32.exe, 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A901B1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D2F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D7F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39BEF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.00000290800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2779F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                              • URL Reputation: safe
                                                                                                                                                                              unknown
                                                                                                                                                                              https://ps.atera.com/agentpackagesnet45/AgentPackageNetworkDiscovery/23.9/AgentPackageNetworkDiscoveAteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                unknown
                                                                                                                                                                                http://agent-api.atera.comrundll32.exe, 00000005.00000002.2196990122.00000000047A5000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9084D000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AE5000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D9F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D801F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39C5F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1927F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.000002908012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D0012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F0012F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2780F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  unknown
                                                                                                                                                                                  https://ps.pndsn.com/time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e72fe1fd-d99c-400f-8cf3-5c7c15cf01f0AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                    unknown
                                                                                                                                                                                    http://schemas.datacontract.org/2004/07/AteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                      unknown
                                                                                                                                                                                      https://github.com/icsharpcode/SharpZipLibAteraAgent.exe, 00000010.00000002.4598030984.0000029AA9152000.00000002.00000001.01000000.0000001B.sdmp, ICSharpCode.SharpZipLib.dll.2.drfalse
                                                                                                                                                                                        unknown
                                                                                                                                                                                        https://ps.atera.com/agentpackagescrossplatform/AgentPackageAgentInformation/1.13/AgentPackageAgentIAteraAgent.exe, 00000010.00000002.4584191988.0000029A90357000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90275000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          unknown
                                                                                                                                                                                          http://wixtoolset.org/Whttp://wixtoolset.org/telemetry/vrundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Microsoft.Deployment.WindowsInstaller.dll.4.dr, Microsoft.Deployment.WindowsInstaller.dll.19.dr, Microsoft.Deployment.WindowsInstaller.dll.8.dr, Microsoft.Deployment.WindowsInstaller.dll.5.drfalse
                                                                                                                                                                                            unknown
                                                                                                                                                                                            https://ps.pndsn.com/v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              unknown
                                                                                                                                                                                              https://ps.atera.com/agentpackagesnet45/AgentPackageTaskScheduler/17.2/AgentPackageTaskScheduler.zipAteraAgent.exe, 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903E2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                unknown
                                                                                                                                                                                                https://ps.pndsn.coAteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                  unknown
                                                                                                                                                                                                  https://agent-api.atera.comrundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A901B1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000016.00000002.2440110075.000002CDA0D2F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000018.00000002.2440060207.00000232D7F73000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001B.00000002.3083850156.0000013A39BEF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001D.00000002.3085296572.000001BC1920F000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 0000001F.00000002.3342887037.00000290800BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000021.00000002.3432709882.0000024D000BF000.00000004.00000800.00020000.00000000.sdmp, AgentPackageAgentInformation.exe, 00000023.00000002.3536757175.0000018F000BF000.00000004.00000800.00020000.00000000.sdmp, 
AgentPackageAgentInformation.exe, 00000025.00000002.3629811902.000001EF2779F000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.8.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.19.dr, AlphaControlAgentInstallation.dll.4.drfalse
                                                                                                                                                                                                    unknown
                                                                                                                                                                                                    https://agent-api.atera.com/Production/Agent/AgentStartingAteraAgent.exe, 00000010.00000002.4584191988.0000029A90367000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90B3D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                      unknown
                                                                                                                                                                                                      http://www.w3.ohAteraAgent.exe, 0000000F.00000002.2259421708.00000227800B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        unknown
                                                                                                                                                                                                        https://agent-api.atera.com/Production/Agent/GetCommandsAteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9039A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          unknown
                                                                                                                                                                                                          https://agent-api.atera.com/rundll32.exe, 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, rundll32.exe, 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, AlphaControlAgentInstallation.dll.8.dr, AlphaControlAgentInstallation.dll.5.dr, AlphaControlAgentInstallation.dll.19.dr, AlphaControlAgentInstallation.dll.4.drfalse
                                                                                                                                                                                                            unknown
                                                                                                                                                                                                            https://agent-api.atera.com/Production/Agent/GetCommandsFallbackpAteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                              unknown
                                                                                                                                                                                                              https://agent-api.atera.com/Production/Agent/GetRecurringPackagesAteraAgent.exe, 00000010.00000002.4584191988.0000029A90451000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                https://ps.atera.com/agentpackageswin/Agent.Package.Availability/13.0/Agent.Package.Availability.zipAteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903EE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                  https://www.newtonsoft.com/jsonschemaNewtonsoft.Json.dll.19.drfalse
                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                    http://cacerts.digicert.FAgentPackageAgentInformation.exe, 00000016.00000002.2441265655.000002CDB9529000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                      https://ps.atera.com/agentpackagesmac/AgentPackageRuntimeInstaller/1.5/AgentPackageRuntimeInstaller.AteraAgent.exe, 00000010.00000002.4584191988.0000029A903F3000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903E2000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        https://ps.atera.com/agentpackageswin/Agent.Package.Watchdog/13.0/Agent.Package.Watchdog.zipAteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903EE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                          https://ps.atera.com/agentpackagesnet45/Agent.Package.Availability/0.16/Agent.Package.Availability.zAteraAgent.exe, 00000010.00000002.4584191988.0000029A9034F000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A903EE000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90343000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90353000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A9030A000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90216000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90212000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90313000.00000004.00000800.00020000.00000000.sdmp, AteraAgent.exe, 00000010.00000002.4584191988.0000029A90317000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            unknown
IP | Domain | Country | ASN | ASN Name | Malicious
35.157.63.228 | unknown | United States | 16509 | AMAZON-02US | false
35.157.63.229 | ps.pndsn.com | United States | 16509 | AMAZON-02US | false
13.35.58.104 | d25btwd9wax8gu.cloudfront.net | United States | 16509 | AMAZON-02US | false
                                                                                                                                                                                                                                            Joe Sandbox version:41.0.0 Charoite
                                                                                                                                                                                                                                            Analysis ID:1524429
                                                                                                                                                                                                                                            Start date and time:2024-10-02 19:17:09 +02:00
                                                                                                                                                                                                                                            Joe Sandbox product:CloudBasic
                                                                                                                                                                                                                                            Overall analysis duration:0h 13m 57s
                                                                                                                                                                                                                                            Hypervisor based Inspection enabled:false
                                                                                                                                                                                                                                            Report type:full
                                                                                                                                                                                                                                            Cookbook file name:default.jbs
                                                                                                                                                                                                                                            Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                                                                                                            Number of analysed new started processes analysed:39
                                                                                                                                                                                                                                            Number of new started drivers analysed:0
                                                                                                                                                                                                                                            Number of existing processes analysed:0
                                                                                                                                                                                                                                            Number of existing drivers analysed:0
                                                                                                                                                                                                                                            Number of injected processes analysed:0
                                                                                                                                                                                                                                            Technologies:
                                                                                                                                                                                                                                            • HCA enabled
                                                                                                                                                                                                                                            • EGA enabled
                                                                                                                                                                                                                                            • AMSI enabled
                                                                                                                                                                                                                                            Analysis Mode:default
                                                                                                                                                                                                                                            Sample name:9rSeCZbjZE.msi
                                                                                                                                                                                                                                            renamed because original name is a hash value
                                                                                                                                                                                                                                            Original Sample Name:c4e4332cf78e92bef45cab4d8d9a29a8.msi
                                                                                                                                                                                                                                            Detection:MAL
                                                                                                                                                                                                                                            Classification:mal88.troj.spyw.evad.winMSI@54/78@33/3
                                                                                                                                                                                                                                            EGA Information:Failed
                                                                                                                                                                                                                                            HCA Information:
                                                                                                                                                                                                                                            • Successful, ratio: 84%
                                                                                                                                                                                                                                            • Number of executed functions: 408
                                                                                                                                                                                                                                            • Number of non-executed functions: 3
                                                                                                                                                                                                                                            Cookbook Comments:
                                                                                                                                                                                                                                            • Found application associated with file extension: .msi
                                                                                                                                                                                                                                            • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                                                                            • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                                                                                                                                                                                            • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, backgroundTaskHost.exe
                                                                                                                                                                                                                                            • Excluded IPs from analysis (whitelisted): 40.119.152.241, 192.229.221.95, 93.184.221.240
                                                                                                                                                                                                                                            • Excluded domains from analysis (whitelisted): crl.edge.digicert.com, client.wns.windows.com, slscr.update.microsoft.com, ctldl.windowsupdate.com.delivery.microsoft.com, wu.ec.azureedge.net, cacerts.digicert.com, agentsapi.trafficmanager.net, ctldl.windowsupdate.com, wu.azureedge.net, fe3cr.delivery.mp.microsoft.com, ocsp.digicert.com, atera-agent-api-eu.westeurope.cloudapp.azure.com, ocsp.edge.digicert.com, bg.apr-52dd2-0503.edgecastdns.net, cs11.wpc.v0cdn.net, hlb.apr-52dd2-0.edgecastdns.net, crl3.digicert.com, crl4.digicert.com, wu-b-net.trafficmanager.net
                                                                                                                                                                                                                                            • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 2548 because it is empty
                                                                                                                                                                                                                                            • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 3664 because it is empty
                                                                                                                                                                                                                                            • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 3756 because it is empty
                                                                                                                                                                                                                                            • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 4080 because it is empty
                                                                                                                                                                                                                                            • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 5728 because it is empty
                                                                                                                                                                                                                                            • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 5820 because it is empty
                                                                                                                                                                                                                                            • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 6304 because it is empty
                                                                                                                                                                                                                                            • Execution Graph export aborted for target AgentPackageAgentInformation.exe, PID 6684 because it is empty
                                                                                                                                                                                                                                            • Execution Graph export aborted for target AteraAgent.exe, PID 2404 because it is empty
                                                                                                                                                                                                                                            • Execution Graph export aborted for target AteraAgent.exe, PID 3320 because it is empty
                                                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 1008 because it is empty
                                                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 2012 because it is empty
                                                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 3664 because it is empty
                                                                                                                                                                                                                                            • Execution Graph export aborted for target rundll32.exe, PID 4788 because it is empty
                                                                                                                                                                                                                                            • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                            • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                                                                                                            • Report size getting too big, too many NtSetInformationFile calls found.
                                                                                                                                                                                                                                            • Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                                                                                                            • VT rate limit hit for: 9rSeCZbjZE.msi
Time | Type | Description
13:18:07 | API Interceptor | 2x Sleep call for process: rundll32.exe modified
13:18:12 | API Interceptor | 8660495x Sleep call for process: AteraAgent.exe modified
13:18:31 | API Interceptor | 8x Sleep call for process: AgentPackageAgentInformation.exe modified
Match | Associated Sample Name / URL | Detection | Threat Name
35.157.63.228 | SecuriteInfo.com.Program.RemoteAdminNET.1.3218.16257.msi | malicious | AteraAgent
35.157.63.228 | SecuriteInfo.com.Program.RemoteAdminNET.1.7216.330.msi | malicious | AteraAgent
35.157.63.228 | 4PP--0001S4D8S_DANFE000S1AS4SD5555522A1111.msi | malicious | AteraAgent
35.157.63.228 | Guidelines_for_Citizen_Safety.msi | malicious | AteraAgent
35.157.63.228 | forumapp.msi | malicious | AteraAgent
35.157.63.228 | SecuriteInfo.com.Program.RemoteAdminNET.1.29844.msi | malicious | GhostRat
35.157.63.228 | VirginMediaBill26012020.msi | malicious | GhostRat
35.157.63.228 | https://www.hctc.app/2ff42844-f75c-416d-b7ab-3d4167f2c303 | malicious | HTMLPhisher
35.157.63.228 | cqIMFiGPGW.msi | malicious | Unknown
35.157.63.228 | setup.msi | malicious | Unknown
35.157.63.229 | TRABALHO----PROCESSO0014S55-S440000000S1.msi | malicious | AteraAgent
35.157.63.229 | SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi | malicious | AteraAgent
35.157.63.229 | AdobeUpdate.msi | malicious | AteraAgent
35.157.63.229 | SecuriteInfo.com.Program.RemoteAdminNET.1.22990.5900.msi | malicious | AteraAgent
                                                                                                                                                                                                                                                                        Y3Wvl9aYAU.cmdGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                          Guidelines_for_Citizen_Safety.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                            SecuriteInfo.com.Program.RemoteAdminNET.1.1711.8851.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                              Adobe.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                2cFFfHDG7D.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                  SecuriteInfo.com.Program.RemoteAdminNET.1.29844.msiGet hashmaliciousGhostRatBrowse
                                                                                                                                                                                                                                                                                    13.35.58.104TRABALHO----PROCESSO0014S55-S440000000S1.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                      http://bafkreifp7yfxo4ctt3m7lbnllhfos7oh2lqdo4li26advdrlicn7he5uoe.ipfs.dweb.link/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                        http://bafybeibhmsdggu4473b4qp3dcftktisw3ocoea5jkvvgqjg5fm4uw5dt6q.ipfs.dweb.link/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                          http://bafybeie3txjdeje4l5ozu4ridch6m3rtnamesmx2twrjclviybzviukvky.ipfs.dweb.link/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            http://bafybeiaobjavzz3au4hcldigzcrhqyank6i2lsna4x2nmft6u4q5yv5rom.ipfs.dweb.link/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                              http://bafybeiggyh6at5mvxrexrzuyy2nkxfz2uboujj6bzo6r6d37pd2hqhtck4.ipfs.dweb.link/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                http://bafybeidxh7zwmguxvh5h5hfaqk67gbpxrygos56j5szrdyqqwqpbpy4uaa.ipfs.dweb.link/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                  https://bafybeia35a3ucx2ie3pd5fodjdu3zjhosju4vob6im75gzy35uio3vmtde.ipfs.dweb.link/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                    AdobeUpdate.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                      https://bafybeigfy6o3zejfzsthaihxddbc3mjeffxb4wcg46vfmfhzbirbcghghe.ipfs.dweb.link/Get hashmaliciousUnknownBrowse
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
                                                                                                                                                                                                                                                                                                        novo.ppc.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                        • 54.124.163.228
                                                                                                                                                                                                                                                                                                        novo.ppc440fp.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                        • 54.184.182.174
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| 3b5074b1b5d032e5620f69f9f700ff0e | file.exe | malicious | Credential Flusher | 35.157.63.228, 35.157.63.229, 13.35.58.104 |
|  | 0XVZC3kfwL.exe | malicious | Unknown | 35.157.63.228, 35.157.63.229, 13.35.58.104 |
|  | nTHivMbGpg.exe | malicious | Unknown | 35.157.63.228, 35.157.63.229, 13.35.58.104 |
|  | file.exe | malicious | Unknown | 35.157.63.228, 35.157.63.229, 13.35.58.104 |
|  | file.exe | malicious | Credential Flusher | 35.157.63.228, 35.157.63.229, 13.35.58.104 |
|  | PO-A1702108.exe | malicious | AgentTesla, PureLog Stealer | 35.157.63.228, 35.157.63.229, 13.35.58.104 |
|  | file.exe | malicious | Credential Flusher | 35.157.63.228, 35.157.63.229, 13.35.58.104 |
|  | QUOTATION_OCTQTRA071244PDF.scr.exe | malicious | Unknown | 35.157.63.228, 35.157.63.229, 13.35.58.104 |
|  | QUOTATION_OCTQTRA071244PDF.scr.exe | malicious | Unknown | 35.157.63.228, 35.157.63.229, 13.35.58.104 |
|  | file.exe | malicious | Credential Flusher | 35.157.63.228, 35.157.63.229, 13.35.58.104 |
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\BouncyCastle.Crypto.dll | TRABALHO----PROCESSO0014S55-S440000000S1.msi | malicious | AteraAgent |  |
|  | SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi | malicious | AteraAgent |  |
|  | AdobeUpdate.msi | malicious | AteraAgent |  |
|  | SecuriteInfo.com.Program.RemoteAdminNET.1.3218.16257.msi | malicious | AteraAgent |  |
|  | Y3Wvl9aYAU.cmd | malicious | AteraAgent |  |
|  | SecuriteInfo.com.Program.RemoteAdminNET.1.15125.10364.msi | malicious | AteraAgent |  |
|  | SecuriteInfo.com.Program.RemoteAdminNET.1.7216.330.msi | malicious | AteraAgent |  |
|  | 4PP--0001S4D8S_DANFE000S1AS4SD5555522A1111.msi | malicious | AteraAgent |  |
|  | setup_it_security (1).msi | malicious | AteraAgent |  |
|  | Guidelines_for_Citizen_Safety.msi | malicious | AteraAgent |  |
| C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe | TRABALHO----PROCESSO0014S55-S440000000S1.msi | malicious | AteraAgent |  |
                                                                                                                                                                                                                                                                                                                              SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                AdobeUpdate.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                  SecuriteInfo.com.Program.RemoteAdminNET.1.3218.16257.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                    Y3Wvl9aYAU.cmdGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                      SecuriteInfo.com.Program.RemoteAdminNET.1.15125.10364.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                        SecuriteInfo.com.Program.RemoteAdminNET.1.7216.330.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                          4PP--0001S4D8S_DANFE000S1AS4SD5555522A1111.msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                            setup_it_security (1).msiGet hashmaliciousAteraAgentBrowse
                                                                                                                                                                                                                                                                                                                                              Guidelines_for_Citizen_Safety.msiGet hashmaliciousAteraAgentBrowse

Process: C:\Windows\System32\msiexec.exe
File Type: data
Category: dropped
Size (bytes): 8825
Entropy (8bit): 5.657665119525841
Encrypted: false
SSDEEP: 192:YjTxz1ccbTOOeMe0261K7r6IHfK7r6kAVv70HVotBVeZEmzmYpLAV777OpY95r:YXD28OpOtiB2iH
MD5: 67989E9ACF968AAEA7FE840E25C3C747
SHA1: 67FCF2A8CCA09D55259ABD6524901AE2028ACADF
SHA-256: 0A5C77147BD6668B7478C418D6B06328E8CFDED5453F64396B1DFEA6D5D95278
SHA-512: BA8874A12CF57C646E6426D149B6E123FB5DA49C12A7FCEA17A7B15D698FD2BE30389C53F926820B00A0372482C40E30FD43A7F1749F07717D8B4EBCBE6E4301
Malicious: true
Yara Hits:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Config.Msi\6788d3.rbs, Author: Joe Security
Preview: ...@IXOS.@.....@EjBY.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..9rSeCZbjZE.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]....StopAteraServiceQuiet....KillAteraTaskQuiet....ProcessComponents..Updating component registration..&.{F7DFE9BA-9FAD-11DA-9578-00E08161165F}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{C8C868DC-3A5E-4180-A7BB-03D6282966CB}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{0EC8B23C-C723-41E1-9105-4B9C2CDAD47A}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F1B1B9D1-F1B0-420C-9D93-F04E9BD4795D}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{5F95F700-DCA4-4880-B2D2-891AE0D6E1A3}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{F62C52BA-15C7-4C3D-AAB2-DE65004F9665}&.{E732A0D7-A2F2-4657-AC41-B19742648E45}.@......&.{38F01010-E31

Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type: Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Category: dropped
Size (bytes): 753
Entropy (8bit): 4.853078320826549
Encrypted: false
SSDEEP: 12:qLLYem7haYNem7hcomf3em7hUQLtygXnC9xkKxeCsx/Yem7haYNem7hcomf3em7B:qLUVhzVhM3VhdLtXXIxkKxeCsOVhzVhY
MD5: 8298451E4DEE214334DD2E22B8996BDC
SHA1: BC429029CC6B42C59C417773EA5DF8AE54DBB971
SHA-256: 6FBF5845A6738E2DC2AA67DD5F78DA2C8F8CB41D866BBBA10E5336787C731B25
SHA-512: CDA4FFD7D6C6DFF90521C6A67A3DBA27BF172CC87CEE2986AE46DCCD02F771D7E784DCAD8AEA0AD10DECF46A1C8AE1041C184206EC2796E54756E49B9217D7BA
Malicious: true
Yara Hits:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog, Author: Joe Security
Preview: .Installing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..Installing service AteraAgent.....Service AteraAgent has been successfully installed...Creating EventLog source AteraAgent in log Application.....Committing assembly 'C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe'...Affected parameters are:.. logtoconsole = .. assemblypath = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe.. logfile = C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog..

Process: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
File Type: XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (7463), with no line terminators
Category: dropped
Size (bytes): 7466
Entropy (8bit): 5.1606801095705865
Encrypted: false
SSDEEP: 96:R3DrP/zatgCnNjn1x62muDr9aHmzcv/65m7JDcm0BefnanGEkn56vT4ZvR++JDr+:NexdYX7OSRjXsaA0Ndhi
MD5: 362CE475F5D1E84641BAD999C16727A0
SHA1: 6B613C73ACB58D259C6379BD820CCA6F785CC812
SHA-256: 1F78F1056761C6EBD8965ED2C06295BAFA704B253AFF56C492B93151AB642899
SHA-512: 7630E1629CF4ABECD9D3DDEA58227B232D5C775CB480967762A6A6466BE872E1D57123B08A6179FE1CFBC09403117D0F81BC13724F259A1D25C1325F1EAC645B
Malicious: false
Preview: .<?xml version="1.0" encoding="utf-8"?><ArrayOfKeyValueOfanyTypeanyType xmlns:i="http://www.w3.org/2001/XMLSchema-instance" xmlns:x="http://www.w3.org/2001/XMLSchema" z:Id="1" z:Type="System.Collections.Hashtable" z:Assembly="0" xmlns:z="http://schemas.microsoft.com/2003/10/Serialization/" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays"><LoadFactor z:Id="2" z:Type="System.Single" z:Assembly="0" xmlns="">0.72</LoadFactor><Version z:Id="3" z:Type="System.Int32" z:Assembly="0" xmlns="">2</Version><Comparer i:nil="true" xmlns="" /><HashCodeProvider i:nil="true" xmlns="" /><HashSize z:Id="4" z:Type="System.Int32" z:Assembly="0" xmlns="">3</HashSize><Keys z:Id="5" z:Type="System.Object[]" z:Assembly="0" z:Size="2" xmlns=""><anyType z:Id="6" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/2003/10/Serialization/Arrays">_reserved_nestedSavedStates</anyType><anyType z:Id="7" z:Type="System.String" z:Assembly="0" xmlns="http://schemas.microsoft.com/20

Process: C:\Windows\System32\msiexec.exe
File Type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Category: dropped
Size (bytes): 145968
Entropy (8bit): 5.874150428357998
Encrypted: false
SSDEEP: 3072:bk/SImWggsVz8TzihTmmrG/GOXYsqRK3ybTXzpUTQM9/FMp:ISWB/YrRK3yb37
MD5: 477293F80461713D51A98A24023D45E8
SHA1: E9AA4E6C514EE951665A7CD6F0B4A4C49146241D
SHA-256: A96A0BA7998A6956C8073B6EFF9306398CC03FB9866E4CABF0810A69BB2A43B2
SHA-512: 23F3BD44A5FB66BE7FEA3F7D6440742B657E4050B565C1F8F4684722502D46B68C9E54DCC2486E7DE441482FCC6AA4AD54E94B1D73992EB5D070E2A17F35DE2F
Malicious: true
Yara Hits:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
Antivirus:
• Antivirus: ReversingLabs, Detection: 26%
Joe Sandbox View:
• Filename: TRABALHO----PROCESSO0014S55-S440000000S1.msi, Detection: malicious
• Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, Detection: malicious
• Filename: AdobeUpdate.msi, Detection: malicious
• Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.3218.16257.msi, Detection: malicious
• Filename: Y3Wvl9aYAU.cmd, Detection: malicious
• Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.15125.10364.msi, Detection: malicious
                                                                                                                                                                                                                                                                                                                                                • Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.7216.330.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                • Filename: 4PP--0001S4D8S_DANFE000S1AS4SD5555522A1111.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                • Filename: setup_it_security (1).msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                • Filename: Guidelines_for_Citizen_Safety.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):1442
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.076953226383825
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:JdfrdB2nk3Jc3J4YH33Jy34OqsJ+J4YHKJy34OOAPF7NhOXrRH2/d9r:3frf2nKS4YHJyILsJ+J4YHKJyIv47O7w
                                                                                                                                                                                                                                                                                                                                                MD5:B3BB71F9BB4DE4236C26578A8FAE2DCD
                                                                                                                                                                                                                                                                                                                                                SHA1:1AD6A034CCFDCE5E3A3CED93068AA216BD0C6E0E
                                                                                                                                                                                                                                                                                                                                                SHA-256:E505B08308622AD12D98E1C7A07E5DC619A2A00BCD4A5CBE04FE8B078BCF94A2
                                                                                                                                                                                                                                                                                                                                                SHA-512:FB6A46708D048A8F964839A514315B9C76659C8E1AB2CD8C5C5D8F312AA4FB628AB3CE5D23A793C41C13A2AA6A95106A47964DAD72A5ECB8D035106FC5B7BA71
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. .. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.5" /></startup>.... <appSettings>.. .. .. .. <add key="ClientSettingsProvider.ServiceUri" value="" />.. </appSettings>.. .. .. <system.web>.. <membership defaultProvider="ClientAuthenticationMembershipProvider">.. <providers>.. <add name="ClientAuthenticationMembershipProvider" type="System.Web.ClientServices.Providers.ClientFormsAuthenticationMembershipProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" />.. </providers>.. </membership>.. <roleManager defaultProvider="ClientRoleProvider" enabled="true">.. <providers>.. <add name="ClientRoleProvider" type="System.Web.ClientServices.Providers.ClientRoleProvider, System.Web.Extensions, Version=3.5.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" serviceUri="" cacheTimeout="86
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):3318832
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.534876879948643
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:yIBbo0WIgmjljFtXCdRLRBcJd+KaGxHIkMNqzP56O8lZ7qXUqi9p:DBbBWIgWljGxRB/LLp
                                                                                                                                                                                                                                                                                                                                                MD5:11CC798BAFA45BE12D27C68D6B59BA27
                                                                                                                                                                                                                                                                                                                                                SHA1:4D1CA0C0F1BC3691F5F852CC8D3ED88605B70434
                                                                                                                                                                                                                                                                                                                                                SHA-256:443A1C088E62810A954FFE9F0136F7A8D5E44928425D23B5284D936270D9837A
                                                                                                                                                                                                                                                                                                                                                SHA-512:FA0AEAF5309FD1593DB8AF774F18AA9CDA9B7ABD3F32D34CFD1B615EE68CECA0155DFB0AB7351E182B1B9D872BF41B19E66D2B597D2BA6300AF332A0F525C75A
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                                                                                                                                                • Filename: TRABALHO----PROCESSO0014S55-S440000000S1.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                • Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.367.20003.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                • Filename: AdobeUpdate.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                • Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.3218.16257.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                • Filename: Y3Wvl9aYAU.cmd, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                • Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.15125.10364.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                • Filename: SecuriteInfo.com.Program.RemoteAdminNET.1.7216.330.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                • Filename: 4PP--0001S4D8S_DANFE000S1AS4SD5555522A1111.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                • Filename: setup_it_security (1).msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                • Filename: Guidelines_for_Citizen_Safety.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):215088
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.030864151731967
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:6144:r1uYsjrFIzmuxpOI/1MvCdRbpSISC8j7s/k:mIzm6pOIgvr7ok
                                                                                                                                                                                                                                                                                                                                                MD5:C106DF1B5B43AF3B937ACE19D92B42F3
                                                                                                                                                                                                                                                                                                                                                SHA1:7670FC4B6369E3FB705200050618ACAA5213637F
                                                                                                                                                                                                                                                                                                                                                SHA-256:2B5B7A2AFBC88A4F674E1D7836119B57E65FAE6863F4BE6832C38E08341F2D68
                                                                                                                                                                                                                                                                                                                                                SHA-512:616E45E1F15486787418A2B2B8ECA50CACAC6145D353FF66BF2C13839CD3DB6592953BF6FEED1469DB7DDF2F223416D5651CD013FB32F64DC6C72561AB2449AE
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):710192
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.96048066969898
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:3BARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTUU:3BA/ZTvQD0XY0AJBSjRlXP36RMGV
                                                                                                                                                                                                                                                                                                                                                MD5:2C4D25B7FBD1ADFD4471052FA482AF72
                                                                                                                                                                                                                                                                                                                                                SHA1:FD6CD773D241B581E3C856F9E6CD06CB31A01407
                                                                                                                                                                                                                                                                                                                                                SHA-256:2A7A84768CC09A15362878B270371DAAD9872CAACBBEEBE7F30C4A7ED6C03CA7
                                                                                                                                                                                                                                                                                                                                                SHA-512:F7F94EC00435466DB2FB535A490162B906D60A3CFA531A36C4C552183D62D58CCC9A6BB8BBFE39815844B0C3A861D3E1F1178E29DBCB6C09FA2E6EBBB7AB943A
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Zip archive data, at least v4.5 to extract, compression method=deflate
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):384543
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.999457129580227
                                                                                                                                                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                                                                                                                                                SSDEEP:6144:QCkHWMIRwZL7gsOTLQezyUyt6ywEYUxa5FDW8mWalWh6Nxjuq0xn57/EMpx4Ip7/:x4j1ZXgsO3dU61Oa3a8O50VF/R7pwvgZ
                                                                                                                                                                                                                                                                                                                                                MD5:3C93B399B417B0D6A232D386E65A8B46
                                                                                                                                                                                                                                                                                                                                                SHA1:BB26DEAE135F405229D6F76EB6FAAEB9A3C45624
                                                                                                                                                                                                                                                                                                                                                SHA-256:29BC4577588116CBFEA928B2587DB3D0D26254163095E7FBBCDE6E86FD0022D7
                                                                                                                                                                                                                                                                                                                                                SHA-512:A963F5CF2221436938F031B65079BEA7C4BAFBD48833A9E11CD9BDD1548D68ED968D9279299AA2ADFC23311A6744D516CC50E6537AA45321E5653755ED56F149
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):177712
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.81549541154566
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:3072:fDpvOyLSson7aezB53Pbsk4GJCMA1TSuAehsZ7f2lz8/ChoCby:fD4y07asBx4krGSeCZXH
                                                                                                                                                                                                                                                                                                                                                MD5:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                                                                                                                                SHA1:F135BE75C721AF2D5291CB463CBC22A32467084A
                                                                                                                                                                                                                                                                                                                                                SHA-256:36704967877E4117405BDE5EC30BEAF31E7492166714F3FFB2CEB262BF2FB571
                                                                                                                                                                                                                                                                                                                                                SHA-512:BD654388202CB5090C860A7229950B1184620746F4C584AB864EADE831168BC7FAE0B5E59B90165B1A9E4BA2BD154F235749718AE2DF35D3DD10403092185ED1
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):546
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.048902065665432
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12:MMHdG3VSQg9LNFF7ap+5v5OXrRf/2//FicYo4xm:JdASPF7NhOXrRH2/d9r
                                                                                                                                                                                                                                                                                                                                                MD5:158FB7D9323C6CE69D4FCE11486A40A1
                                                                                                                                                                                                                                                                                                                                                SHA1:29AB26F5728F6BA6F0E5636BF47149BD9851F532
                                                                                                                                                                                                                                                                                                                                                SHA-256:5E38EF232F42F9B0474F8CE937A478200F7A8926B90E45CB375FFDA339EC3C21
                                                                                                                                                                                                                                                                                                                                                SHA-512:7EEFCC5E65AB4110655E71BC282587E88242C15292D9C670885F0DAAE30FA19A4B059390EB8E934607B8B14105E3E25D7C5C1B926B6F93BDD40CBD284AAA3CEB
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>...<supportedRuntime version="v4.0" />.. <supportedRuntime version="v2.0.50727" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="Newtonsoft.Json" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-13.0.0.0" newVersion="13.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):12
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.584962500721156
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:WhWRn:WY
                                                                                                                                                                                                                                                                                                                                                MD5:DC63026E80D2BB04F71E41916F807E33
                                                                                                                                                                                                                                                                                                                                                SHA1:6CDA386D2C365F94EA3DE41E2390FD916622EB51
                                                                                                                                                                                                                                                                                                                                                SHA-256:3B54D00F00AA80384DE88E4F4005E9D4D889A2CCF64B56E0C29D274352495C85
                                                                                                                                                                                                                                                                                                                                                SHA-512:61DA550EFD55187978872F5D8E88164A6181A11C8A720684EAA737E0846FE20B9E82B73E1F689A6585834B84C4CEE8DD949AF43E76FD0158F6CAFA704AB25183
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:version=37.9
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):96816
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.180547422449922
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:vJt7dqUlizL21LDdeOKTfLz2L506wFj/XxFoKjhJG/50vks00UfgfgvC7Hxw0h:vQUm2H5KTfOLgxFJjE50vksVUfPvC1h
                                                                                                                                                                                                                                                                                                                                                MD5:9D8B5941EA5B905E8197A175EF2B15A9
                                                                                                                                                                                                                                                                                                                                                SHA1:86A078E94B5578EC4125F50F78C8518A8CE1D086
                                                                                                                                                                                                                                                                                                                                                SHA-256:C6F05B647DBADC15AB97D31790FC8ACE054986EC33E9178FEEAD4235AD15CB0D
                                                                                                                                                                                                                                                                                                                                                SHA-512:FAB5FE82873862CE8ED1A427482093CCA307F6663E9F6497FDC244CE461312872D419FF274CDCA0C496414C28681901F335C9911B95D2A7C112D30E32D74E498
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\Atera.AgentPackage.Common.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):704560
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.954116173285503
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:i9BzaPm657wqehcZBLX+HK+kPJUQEKx07N0TCBGiBCjC0PDgM5j9FKjc33:i8m657w6ZBLmkitKqBCjC0PDgM5H
                                                                                                                                                                                                                                                                                                                                                MD5:BA66874C510645C1FB5FE74F85B32E98
                                                                                                                                                                                                                                                                                                                                                SHA1:E33C7E6991A25CC40D9E0DCC260B5A27F4A34E6C
                                                                                                                                                                                                                                                                                                                                                SHA-256:12D64550CB536A067D8AFFF42864836F6D41566E18F46D3CA92CB68726BDD4E9
                                                                                                                                                                                                                                                                                                                                                SHA-512:44E8CAA916AB98DA36AF02B84AC944FBF0A65C80B0ADBDC1A087F8ED3EFF71C750FB6116F2C12034F9F9B429D6915DB8F88511B79507CC4D063BAB40C4EAA568
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):602672
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.145404526272746
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:6144:UShQrHBJEwJiIJJ8TihsEWdzs29glRleqn4uRTJgwhVHhoNw0r17K7DDaiC3KM+9:gHDxJGihsEKwSuTuwvOWgFA
                                                                                                                                                                                                                                                                                                                                                MD5:17D74C03B6BCBCD88B46FCC58FC79A0D
                                                                                                                                                                                                                                                                                                                                                SHA1:BC0316E11C119806907C058D62513EB8CE32288C
                                                                                                                                                                                                                                                                                                                                                SHA-256:13774CC16C1254752EA801538BFB9A9D1328F8B4DD3FF41760AC492A245FBB15
                                                                                                                                                                                                                                                                                                                                                SHA-512:F1457A8596A4D4F9B98A7DCB79F79885FA28BD7FC09A606AD3CD6F37D732EC7E334A64458E51E65D839DDFCDF20B8B5676267AA8CED0080E8CF81A1B2291F030
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):73264
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.954475034553661
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:6784YWac+abptsy5VyYc/9n1RcGxzeeUVn9KyQgHo0JuresehaAR7HxRq:67N1r9KGI04CCARLq
                                                                                                                                                                                                                                                                                                                                                MD5:F4D9D65581BD82AF6108CFA3DD265A9A
                                                                                                                                                                                                                                                                                                                                                SHA1:A926695B1E5D3842D8345C56C087E58845307A16
                                                                                                                                                                                                                                                                                                                                                SHA-256:A3219CD30420EBCF7507C9C9F92FD551AE19999BE247CAA861A8A22D265BE379
                                                                                                                                                                                                                                                                                                                                                SHA-512:144C1195A440907592B22FC947F4284CA36869BDAE495EC8CA5212AF4F63E8E8492FB0EC3B37BF66DB912AF30864C69588D0E35ED9B3D24D36DF3B09DDB5B6C3
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:ASCII text, with CRLF, LF line terminators
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):206
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.233076246178147
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:3:A0oKbRJwmK19wqWluiKFHnFSLRg42VVbmdRCAmWGtSLE1dW/czx4JgXzeHFxfAF2:AsbR+919w3pKFSQpPSGwO0Zf9DX
                                                                                                                                                                                                                                                                                                                                                MD5:DFC8A19DBB761A76F66D1C224509584E
                                                                                                                                                                                                                                                                                                                                                SHA1:A705D9E31BDE969B5F5AFE329A58BB541B27D1E6
                                                                                                                                                                                                                                                                                                                                                SHA-256:4D3015990BD0794050C9698DC365D831D4F6C8137A13D8006F79ADC18E2681D1
                                                                                                                                                                                                                                                                                                                                                SHA-512:7D3AE286C5DC334520BDAD3D4AE709BAA1CD18A46F06D7EC3EF69ABE5ED3D5E308C972B0BF823127FFBA3E5E837C6B68C65F24108BB13F1B0CCF814DB66FAF69
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:/i /IntegratorLogin=Moshe@nlc.co.il /CompanyId=1 /IntegratorLoginUI= /CompanyIdUI= /FolderId= /AccountId=001Q300000MFxEPIA1 /AgentId=95230b78-0b09-4026-a7c5-5fe4c9d15b4c.02/10/2024 13:18:13 Trace Starting..
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):2402
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.362731083469072
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:MxHKQg8mHDp684IHTQ06YHKGSI6oPtHTHhAHKKk+HKlT4v1qHGIs0HKaHKmTHlH7:iqzCIzQ06YqGSI6oPtzHeqKk+qZ4vwme
                                                                                                                                                                                                                                                                                                                                                MD5:28B4BFE9130A35038BD57B2F89847BAE
                                                                                                                                                                                                                                                                                                                                                SHA1:8DBF9D2800AB08CCA18B4BA00549513282B774A9
                                                                                                                                                                                                                                                                                                                                                SHA-256:19F498CAE589207075B8C82D7DACEAE23997D61B93A971A4F049DC14C8A3D514
                                                                                                                                                                                                                                                                                                                                                SHA-512:02100FD4059C4D32FBAAA9CEAACB14C50A4359E4217203B2F7A40E298AD819ED5469F2442291F12852527A2B7109CC5F7BFF7FDAD53BA5ABF75FC5F0474E984F
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Configuration.Install, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Confe64a9051#\434f871c532673e1359654ad68a1c225\System.Configuration.Install.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\a
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):651
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.343677015075984
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhaOK9eDLI4MNJK9P/JNTK9yiv:ML9E4KlKDE4KhKiKhPKIE4oKNzKoM
                                                                                                                                                                                                                                                                                                                                                MD5:7EEF860682F76EC7D541A8C1A3494E3D
                                                                                                                                                                                                                                                                                                                                                SHA1:58D759A845D2D961A5430E429EF777E60C48C87E
                                                                                                                                                                                                                                                                                                                                                SHA-256:65E958955AC5DBB7D7AD573EB4BB36BFF4A1DC52DD16CF79A5F7A0FA347727F1
                                                                                                                                                                                                                                                                                                                                                SHA-512:BF7767D55F624B8404240953A726AA616D0CE60EC1B3027710B919D6838EFF7281A79B49B22AB8B065D8CA921EF4D09017A0991CB4A21DAF09B3B43E6698CB04
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):2994176
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.878654931925023
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:4+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:4+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                                                                MD5:C4E4332CF78E92BEF45CAB4D8D9A29A8
                                                                                                                                                                                                                                                                                                                                                SHA1:E6F5AAE7F231F9F108F0BBCC5C7240BEE17A180E
                                                                                                                                                                                                                                                                                                                                                SHA-256:63F2E49BD14880BED0033CBF0878EE50F18555432D3AD1439B304E6A2DC00FC6
                                                                                                                                                                                                                                                                                                                                                SHA-512:7A486E162560C736533D23CF7863EDA03F822AFF0411FAB40D70518026A5C7BB765990139F37BAE416CFAD05B700756521E165F07B951041E5FB806644A54C63
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):2994176
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.878654931925023
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:4+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:4+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                                                                MD5:C4E4332CF78E92BEF45CAB4D8D9A29A8
                                                                                                                                                                                                                                                                                                                                                SHA1:E6F5AAE7F231F9F108F0BBCC5C7240BEE17A180E
                                                                                                                                                                                                                                                                                                                                                SHA-256:63F2E49BD14880BED0033CBF0878EE50F18555432D3AD1439B304E6A2DC00FC6
                                                                                                                                                                                                                                                                                                                                                SHA-512:7A486E162560C736533D23CF7863EDA03F822AFF0411FAB40D70518026A5C7BB765990139F37BAE416CFAD05B700756521E165F07B951041E5FB806644A54C63
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):521954
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                                                                MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                                                                SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                                                                SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                                                                SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..................'P\....'P^....'P_...........................>.......4..................R......:...........Rich...........................PE..L....o.]...........!.....D...|.......L.......`......................................S#....@.........................0}...*......x.......d.......................4... s..T...........................xs..@............`..l............................text....B.......D.................. ..`.rdata...Q...`...R...H..............@..@.data...p...........................@....rsrc...d...........................@..@.reloc..4...........................@..B................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):25600
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                                                                MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                                                                SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                                                                SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                                                                SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI8AD6.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):1538
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                                                                MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                                                                SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                                                                SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                                                                SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):184240
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                                                                MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                                                                SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                                                                SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                                                                SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):711952
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                                                                MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                                                                SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                                                                SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                                                                SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):61448
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                                                                MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                                                                SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                                                                SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                                                                SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):521954
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                                                                MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                                                                SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                                                                SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                                                                SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):25600
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                                                                MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                                                                SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                                                                SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                                                                SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSI90F1.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):1538
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                                                                MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                                                                SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                                                                SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                                                                SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):184240
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                                                                MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                                                                SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                                                                SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                                                                SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):711952
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                                                                MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                                                                SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                                                                SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                                                                SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):61448
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                                                                MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                                                                SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                                                                SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                                                                SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):521954
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.356225107100806
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
                                                                                                                                                                                                                                                                                                                                                MD5:88D29734F37BDCFFD202EAFCDD082F9D
                                                                                                                                                                                                                                                                                                                                                SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
                                                                                                                                                                                                                                                                                                                                                SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
                                                                                                                                                                                                                                                                                                                                                SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):25600
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.009968638752024
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
                                                                                                                                                                                                                                                                                                                                                MD5:AA1B9C5C685173FAD2DABEBEB3171F01
                                                                                                                                                                                                                                                                                                                                                SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
                                                                                                                                                                                                                                                                                                                                                SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
                                                                                                                                                                                                                                                                                                                                                SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIA257.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):1538
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.735670966653348
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
                                                                                                                                                                                                                                                                                                                                                MD5:BC17E956CDE8DD5425F2B2A68ED919F8
                                                                                                                                                                                                                                                                                                                                                SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
                                                                                                                                                                                                                                                                                                                                                SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
                                                                                                                                                                                                                                                                                                                                                SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):184240
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.876033362692288
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
                                                                                                                                                                                                                                                                                                                                                MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
                                                                                                                                                                                                                                                                                                                                                SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
                                                                                                                                                                                                                                                                                                                                                SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
                                                                                                                                                                                                                                                                                                                                                SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):711952
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                                                                MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                                                                SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                                                                SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                                                                SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):61448
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                                                                MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                                                                SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                                                                SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                                                                SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):437316
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.648099531720788
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:kt3jOZy2KsGU6a4Ksht3jOZy2KsGU6a4Ks3:UzOE2Z34KGzOE2Z34K6
                                                                                                                                                                                                                                                                                                                                                MD5:4D153A04F73F379239296FD852060BA5
                                                                                                                                                                                                                                                                                                                                                SHA1:6FA30D3C5A72EFEEA05BB6F01627149C4607B8A0
                                                                                                                                                                                                                                                                                                                                                SHA-256:A0BBB17BEA7DC69E412FF05B8A3C607CC391D1D851A4180E6D3CF4C8D4699B62
                                                                                                                                                                                                                                                                                                                                                SHA-512:45CBADCBFF68DAF1FA6F8254BECD8230547CCEFF3FB87BA6EF3C38F78000A6C9C3CA667B92603224CBC69A7BC8C45C416ED1397F2BED6555C2CCAD6D552018F8
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIA873.tmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Preview:...@IXOS.@.....@EjBY.@.....@.....@.....@.....@.....@......&.{E732A0D7-A2F2-4657-AC41-B19742648E45}..AteraAgent..9rSeCZbjZE.msi.@.....@.....@.....@........&.{721AD955-79FD-4019-BBF5-9DCC4C1175BB}.....@.....@.....@.....@.......@.....@.....@.......@......AteraAgent......Rollback..Rolling back action:..[1]..RollbackCleanup..Removing backup files..File: [1]...@.......@........StopAteraServiceQuiet....J...StopAteraServiceQuiet.@A......M..MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$........................^.......\......].........................,.......<.........L...'.....'.....'.P.......8.....'.....Rich............................PE..L...Ap.]...........!.........P............................................................@.........................@................P..x....................`..........T...............................@...............<............................text...[...................
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):216496
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                                                                MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                                                                SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                                                                SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                                                                SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):216496
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.646208142644182
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
                                                                                                                                                                                                                                                                                                                                                MD5:A3AE5D86ECF38DB9427359EA37A5F646
                                                                                                                                                                                                                                                                                                                                                SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
                                                                                                                                                                                                                                                                                                                                                SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
                                                                                                                                                                                                                                                                                                                                                SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%

Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:dropped
Size (bytes):216496
Entropy (8bit):6.646208142644182
Encrypted:false
SSDEEP:3072:/Jz/kyKA1X1dxbOZU32KndB4GLvyui2lhQtEaY4IDflQn0xHuudQ+cxEHSiZxaQ:/t/kE1jOZy2KL4GBiwQtEa4L2sV
MD5:A3AE5D86ECF38DB9427359EA37A5F646
SHA1:EB4CB5FF520717038ADADCC5E1EF8F7C24B27A90
SHA-256:C8D190D5BE1EFD2D52F72A72AE9DFA3940AB3FACEB626405959349654FE18B74
SHA-512:96ECB3BC00848EEB2836E289EF7B7B2607D30790FFD1AE0E0ACFC2E14F26A991C6E728B8DC67280426E478C70231F9E13F514E52C8CE7D956C1FAD0E322D98E0
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Windows\System32\msiexec.exe
File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
Category:modified
Size (bytes):521954
Entropy (8bit):7.356225107100806
Encrypted:false
SSDEEP:12288:GnBaimP+DJLxQb6CBCldjCaOIM7PmD8WoKO2qHxf:kG2D3QbCldj1MK/tzG
MD5:88D29734F37BDCFFD202EAFCDD082F9D
SHA1:823B40D05A1CAB06B857ED87451BF683FDD56A5E
SHA-256:87C97269E2B68898BE87B884CD6A21880E6F15336B1194713E12A2DB45F1DCCF
SHA-512:1343ED80DCCF0FA4E7AE837B68926619D734BC52785B586A4F4102D205497D2715F951D9ACACC8C3E5434A94837820493173040DC90FB7339A34B6F3EF0288D0
Malicious:true
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Windows\SysWOW64\rundll32.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):25600
Entropy (8bit):5.009968638752024
Encrypted:false
SSDEEP:384:akuS4rIWmFo967HkYc/4CmvZqVZa9VSlkfO2IROklJhwaHr1LpvTVi:RuVs3bXCmvZqu3u9OiNL1LpvTs
MD5:AA1B9C5C685173FAD2DABEBEB3171F01
SHA1:ED756B1760E563CE888276FF248C734B7DD851FB
SHA-256:E44A6582CD3F84F4255D3C230E0A2C284E0CFFA0CA5E62E4D749E089555494C7
SHA-512:D3BFB4BD7E7FDB7159FBFC14056067C813CE52CDD91E885BDAAC36820B5385FB70077BF58EC434D31A5A48245EB62B6794794618C73FE7953F79A4FC26592334
Malicious:true
Yara Hits:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\MSIBFA8.tmp-\AlphaControlAgentInstallation.dll, Author: Joe Security
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%

Process:C:\Windows\SysWOW64\rundll32.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):1538
Entropy (8bit):4.735670966653348
Encrypted:false
SSDEEP:24:2dhmhx0PY6Iee7LfKhT06XWslTh17jJB+aZtG9jDqRp:c0nd5t7q7WsFD7t3tG96n
MD5:BC17E956CDE8DD5425F2B2A68ED919F8
SHA1:5E3736331E9E2F6BF851E3355F31006CCD8CAA99
SHA-256:E4FF538599C2D8E898D7F90CCF74081192D5AFA8040E6B6C180F3AA0F46AD2C5
SHA-512:02090DAF1D5226B33EDAAE80263431A7A5B35A2ECE97F74F494CC138002211E71498D42C260395ED40AEE8E4A40474B395690B8B24E4AEE19F0231DA7377A940
Malicious:false
Preview:<?xml version="1.0" encoding="utf-8" ?>..<configuration>.. <startup useLegacyV2RuntimeActivationPolicy="true">.... .. Use supportedRuntime tags to explicitly specify the version(s) of the .NET Framework runtime that.. the custom action should run on. If no versions are specified, the chosen version of the runtime.. will be the "best" match to what Microsoft.Deployment.WindowsInstaller.dll was built against..... WARNING: leaving the version unspecified is dangerous as it introduces a risk of compatibility.. problems with future versions of the .NET Framework runtime. It is highly recommended that you specify.. only the version(s) of the .NET Framework runtime that you have tested against..... Note for .NET Framework v3.0 and v3.5, the runtime version is still v2.0..... In order to enable .NET Framework version 2.0 runtime activation policy, which is to load all assemblies.. by using the latest

Process:C:\Windows\SysWOW64\rundll32.exe
File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
Category:dropped
Size (bytes):184240
Entropy (8bit):5.876033362692288
Encrypted:false
SSDEEP:3072:BGfZS7hUuK3PcbFeRRLxyR69UgoCaf8+aCnfKlRUjW01KymkO:9zMRLkR6joxfRPW
MD5:1A5CAEA6734FDD07CAA514C3F3FB75DA
SHA1:F070AC0D91BD337D7952ABD1DDF19A737B94510C
SHA-256:CF06D4ED4A8BAF88C82D6C9AE0EFC81C469DE6DA8788AB35F373B350A4B4CDCA
SHA-512:A22DD3B7CF1C2EDCF5B540F3DAA482268D8038D468B8F00CA623D1C254AFFBBC1446E5BD42ADC3D8E274BE3BA776B0034E179FACCD9AC8612CCD75186D1E3BF1
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):711952
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.96669864901384
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12288:WBARJBRZl/j1TbQ7n5WLm4k0X57ZYrgNHgK9C1BSjRlXP36RMGy1NqTU+:WBA/ZTvQD0XY0AJBSjRlXP36RMG7
                                                                                                                                                                                                                                                                                                                                                MD5:715A1FBEE4665E99E859EDA667FE8034
                                                                                                                                                                                                                                                                                                                                                SHA1:E13C6E4210043C4976DCDC447EA2B32854F70CC6
                                                                                                                                                                                                                                                                                                                                                SHA-256:C5C83BBC1741BE6FF4C490C0AEE34C162945423EC577C646538B2D21CE13199E
                                                                                                                                                                                                                                                                                                                                                SHA-512:BF9744CCB20F8205B2DE39DBE79D34497B4D5C19B353D0F95E87EA7EF7FA1784AEA87E10EFCEF11E4C90451EAA47A379204EB0533AA3018E378DD3511CE0E8AD
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):61448
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):6.332072334718381
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:768:xieZDWtg+ESsRTgCayrMkp6SEI9016UJKdi1diF55U/h:xwg+ESsVgCayY/pYgwkd0Eh
                                                                                                                                                                                                                                                                                                                                                MD5:878E361C41C05C0519BFC72C7D6E141C
                                                                                                                                                                                                                                                                                                                                                SHA1:432EF61862D3C7A95AB42DF36A7CAF27D08DC98F
                                                                                                                                                                                                                                                                                                                                                SHA-256:24DE61B5CAB2E3495FE8D817FB6E80094662846F976CF38997987270F8BBAE40
                                                                                                                                                                                                                                                                                                                                                SHA-512:59A7CBB9224EE28A0F3D88E5F0C518B248768FF0013189C954A3012463E5C0BA63A7297497131C9C0306332646AF935DD3A1ACF0D3E4E449351C28EC9F1BE1FA
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.1638497658640115
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12:JSbX72FjyxbmSAGiLIlHVRpZh/7777777777777777777777777vDHFvufgd1itr:JsbJQI5ttgBiF
                                                                                                                                                                                                                                                                                                                                                MD5:0A947F304590ED2C88065AB6364F523D
                                                                                                                                                                                                                                                                                                                                                SHA1:751C4856C242E5163A2501FC2564922517805692
                                                                                                                                                                                                                                                                                                                                                SHA-256:F516A6B525FC2B369A70AF0A3EBD9A12EF89F63CF3A2541A9E0130ED0DE56BB0
                                                                                                                                                                                                                                                                                                                                                SHA-512:5CFD45478BC338AD1D34353D1B808627B340F49722489281C84D13C3AF12A81525723C0DB5FD06E8C4BBC4722FC8E41C954418F0387ACC6BA92A3A6C9F6434D4
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.5664109556734713
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:Az8PhPuRc06WXJSnT5jYBqISoedGPdGfHbr4cIStedGPdGRubBn:AahP1JnTicIXcIoF
                                                                                                                                                                                                                                                                                                                                                MD5:588F16A4072C051CC93D39E8B2D81440
                                                                                                                                                                                                                                                                                                                                                SHA1:70512A7D4B6139752EE9DD89D4D96715F981FB9A
                                                                                                                                                                                                                                                                                                                                                SHA-256:5A1AF65BB2635950642983558ABC5823208D1D8F3B4B6EE3BAE7EBFCD53288FE
                                                                                                                                                                                                                                                                                                                                                SHA-512:D0E1B9109C94E7F076F21AD93F42D801F81C01A66DDAA9D7D9C314A4D84A5DA6B0B22B7D22D0F3CE7DDD7686BC116EAECFD141DE2A12885135AF8BA407DC7DA9
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Installer\inprogressinstallinfo.ipi, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):360001
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.362987253925135
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:1536:6qELG7gK+RaOOp3LCCpfmLgYI66xgFF9Sq8K6MAS2OMUHl6Gin327D22A26Kgaui:zTtbmkExhMJCIpE7
                                                                                                                                                                                                                                                                                                                                                MD5:13AAF191251C4862A9E70DE9611C1436
                                                                                                                                                                                                                                                                                                                                                SHA1:8C49E5CDE1620C95FB8DE3550F4003A9B3BBBD81
                                                                                                                                                                                                                                                                                                                                                SHA-256:35A464B4FD3194AFBA5DC01075E7BB6776BD2B40BAE6F653AF306F61573B82DB
                                                                                                                                                                                                                                                                                                                                                SHA-512:F76E636664386363AD39E6408FD63C5410DA2FD02AC362E6E3611919E588E0751D7A593035E5313EF0284651AB3F756A1DA03AFE2811C300ED5B63DF74DBC77A
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:.To learn about increasing the verbosity of the NGen log files please see http://go.microsoft.com/fwlink/?linkid=210113..12/07/2019 14:54:22.458 [5488]: Command line: D:\wd\compilerTemp\BMT.200yuild.1bk\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.exe executeQueuedItems /nologo ..12/07/2019 14:54:22.473 [5488]: Executing command from offline queue: install "System.Runtime.WindowsRuntime.UI.Xaml, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil" /NoDependencies /queue:1..12/07/2019 14:54:22.490 [5488]: Executing command from offline queue: install "System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil" /NoDependencies /queue:3..12/07/2019 14:54:22.490 [5488]: Exclusion list entry found for System.Web.ApplicationServices, Version=4.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil; it will not be installed..12/07/2019 14:54:22.490 [
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):704
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):4.805280550692434
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12:tIDRFK4mAX7RBem7hccD+PRem7hUhiiGNGNdg6MhgRBem7hccD+PRem7hUGNGNkm:Us43XVBVhcmMRVhMipNVeBVhcmMRVhro
                                                                                                                                                                                                                                                                                                                                                MD5:EF51E16A5B81AB912F2478FE0A0379D6
                                                                                                                                                                                                                                                                                                                                                SHA1:B0F9E2EE284DD1590EA31B2D3AD736D77B9FC6A7
                                                                                                                                                                                                                                                                                                                                                SHA-256:2C5D5397CEDF66DB724FED7FB4515B026A894F517A0DFBE8AE8ADF52DB61AA22
                                                                                                                                                                                                                                                                                                                                                SHA-512:296A11DB55BFEE7D87897BB63BC9E2C05786D3FD73A894DA5AF76F7A756495C6CCC0959C88844DFB5560DE2374A257201D960E004EC09D8C9DFB50952C5EF2D2
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\System32\InstallUtil.InstallLog, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Preview:...Running a transacted installation.....Beginning the Install phase of the installation...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Install phase completed successfully, and the Commit phase is beginning...See the contents of the log file for the C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe assembly's progress...The file is located at C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.InstallLog.....The Commit phase completed successfully.....The transacted install has completed...
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):471
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.15290820119303
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12:JyYOjMt5GLsHjcHYixuRLQedEd3FOVHDE+U3p0P:JRO4tILs4duZEbOx1U3p+
                                                                                                                                                                                                                                                                                                                                                MD5:4C990137B89FAFD01ECAE5016D2F3CFF
                                                                                                                                                                                                                                                                                                                                                SHA1:0965AB0ECF0AA52E373C181C5B9A443657C53E29
                                                                                                                                                                                                                                                                                                                                                SHA-256:62F399068685A22C5899972BA8A0B0D70499C75C66B4313CB748452C76EB0308
                                                                                                                                                                                                                                                                                                                                                SHA-512:A61AF1B036B455A9F8A30436A37C9FCAFCF314C86EDCD3772A047C78C9DAB536849C14AF28648974A9ABCB2788D56BBF5DDD9EB8E035688791CCA36DCB9623E2
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):727
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.552074964556022
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12:5o6Tq91IX5h44TUqrlPdU/uRIFBDNAHrrsAqldCcE9WPNXkPxj/Zf:5uIoqro/uuBR6rsAYE9COxj/J
                                                                                                                                                                                                                                                                                                                                                MD5:E00FF3213C8F42F9482FC7DD36AEE060
                                                                                                                                                                                                                                                                                                                                                SHA1:388BCAC84BAECF2E39C97858BDCD40FFF16CC7DB
                                                                                                                                                                                                                                                                                                                                                SHA-256:9C9637A1B89B95A2CEC6E6478414BBCC8790DDC2AA8065874F3BA81FF89F8272
                                                                                                                                                                                                                                                                                                                                                SHA-512:37594DE9CF6B0ABE66BEB45E754203957C92F31696BA7939E46A9E1ACB5EC271740804B91F49C319053AEFC1639A253E70C42090A80E7AB1B4F57E1EFB857965
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):1716
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.596259519827648
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:GL3d+gG48zmf8grQcPJ27AcYG7i47V28Tl4JZG0FWk8ZHJ:GTd0PmfrrQG28cYG28CEJ
                                                                                                                                                                                                                                                                                                                                                MD5:D91299E84355CD8D5A86795A0118B6E9
                                                                                                                                                                                                                                                                                                                                                SHA1:7B0F360B775F76C94A12CA48445AA2D2A875701C
                                                                                                                                                                                                                                                                                                                                                SHA-256:46011EDE1C147EB2BC731A539B7C047B7EE93E48B9D3C3BA710CE132BBDFAC6B
                                                                                                                                                                                                                                                                                                                                                SHA-512:6D11D03F2DF2D931FAC9F47CEDA70D81D51A9116C1EF362D67B7874F91BF20915006F7AF8ECEBAEA59D2DC144536B25EA091CC33C04C9A3808EEFDC69C90E816
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):727
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.552295515462603
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:12:5onfZHlc5RlRtBfQtlUxsywrhX0DHXXD6svZJ7YCSVXAdaAaN7tEn/BTGpq78S5z:5iplcdZslUxWQWSiVXAD2ZEZic8wz
                                                                                                                                                                                                                                                                                                                                                MD5:D3E1E6C22706565D07C5B9CF083E39F6
                                                                                                                                                                                                                                                                                                                                                SHA1:12D3BC9406E47A98818A8E21DEEED08DAF79B029
                                                                                                                                                                                                                                                                                                                                                SHA-256:AA5381F9A094B86DEE378100BA11AF301FA9B2E0B5E508D6023E06CCD3A2A60B
                                                                                                                                                                                                                                                                                                                                                SHA-512:BCA97221A6320F9C29A237D2F6FD824713072549F2EB879C963D2C8326493FCD03CEB3B94E737ADE4A312CB8331B14865F2F208A73F566A6E08786577FE3B273
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Certificate, Version=3
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):1428
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.688784034406474
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:24:nIGWnSIGWnSGc9VIyy0KuiUQ+7n0TCDZJCCAyuIqwmCFUZnPQ1LSdT:nIL7LJSRQ+QgAyuxwfynPQmR
                                                                                                                                                                                                                                                                                                                                                MD5:78F2FCAA601F2FB4EBC937BA532E7549
                                                                                                                                                                                                                                                                                                                                                SHA1:DDFB16CD4931C973A2037D3FC83A4D7D775D05E4
                                                                                                                                                                                                                                                                                                                                                SHA-256:552F7BDCF1A7AF9E6CE672017F4F12ABF77240C78E761AC203D1D9D20AC89988
                                                                                                                                                                                                                                                                                                                                                SHA-512:BCAD73A7A5AFB7120549DD54BA1F15C551AE24C7181F008392065D1ED006E6FA4FA5A60538D52461B15A12F5292049E929CFFDE15CC400DEC9CDFCA0B36A68DD
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):400
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.993622469349586
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:6:kKjR3md1I88STXlRNfOAUMivhClroFzCJCgO3lwuqDnlyQ4hY5isIlQhZgJn:t2XmxMiv8sFzD3quqDkPh8Y2ZM
                                                                                                                                                                                                                                                                                                                                                MD5:80982818DB0C8997E571DD40CDE46484
                                                                                                                                                                                                                                                                                                                                                SHA1:353F8C710769BAD2B9783E0A3F0B0ABD05208C9F
                                                                                                                                                                                                                                                                                                                                                SHA-256:706CB9943E80A37D58830E2BB3C4F6FCFF4E65EEB5EDA28F1878898BE8672B6D
                                                                                                                                                                                                                                                                                                                                                SHA-512:BAFEAA0BE02CA73429D872658254BB12E2E2C4290201626117D872BBC04F5A39243F717A4F85340C6C27473E9EC54564FDBBF0C414C93F811587F1DF06A62D6C
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:p...... ................(................jr/#.....VX......................VX.... ..........$.... ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.3.x.L.4.L.Q.L.X.D.R.D.M.9.P.6.6.5.T.W.4.4.2.v.r.s.U.Q.Q.U.R.e.u.i.r.%.2.F.S.S.y.4.I.x.L.V.G.L.p.6.c.h.n.f.N.t.y.A.8.C.E.A.6.b.G.I.7.5.0.C.3.n.7.9.t.Q.4.g.h.A.G.F.o.%.3.D...
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):404
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.553650812422079
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:6:kK38fLEtUfOAUMivhClroFHXHDZA6liyZlSlMul0bg3PWovy28lhl+KscSikKYlF:WYtUmxMiv8sF3HtllJZIvOP205scn8
                                                                                                                                                                                                                                                                                                                                                MD5:48BA691C2CF202D2E31521B25BFBA10D
                                                                                                                                                                                                                                                                                                                                                SHA1:77D56F4C2EEDF278511000592F09470554E7235F
                                                                                                                                                                                                                                                                                                                                                SHA-256:80EBA300FD7EA8082DDFC517CD05E0550ECD6DBA0867553E53EC15C1E307B4BA
                                                                                                                                                                                                                                                                                                                                                SHA-512:D62954DBF77596945E9F93FB10CEDEA48F9093936F8CA7E22183BF8D6DF7545F54FF861441140BA90D1466A5783C2B4D0EE792D4347EA3B0EF80A24755CFA300
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:p...... .... .......p..(....................................................... ........!..... ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.S.R.X.e.r.F.0.e.F.e.S.W.R.r.i.p.T.g.T.k.c.J.W.M.m.7.i.Q.Q.U.a.D.f.g.6.7.Y.7.%.2.B.F.8.R.h.v.v.%.2.B.Y.X.s.I.i.G.X.0.T.k.I.C.E.A.o.o.S.Z.l.4.5.Y.m.N.9.A.o.j.j.r.i.l.U.u.g.%.3.D...
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):308
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.222088880688642
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:6:kKPG3zNcalgRAOAUSW0P3PeXJUwh8lmi3Y:3ttWOxSW0P3PeXJUZY
                                                                                                                                                                                                                                                                                                                                                MD5:A0A50BB7B4D38B8D40238C2195D46EE0
                                                                                                                                                                                                                                                                                                                                                SHA1:82E6BBF9EE6F915AF0173EFF69A3ACAF55645D38
                                                                                                                                                                                                                                                                                                                                                SHA-256:A28954553751DE2B7F0F53B404EFC96E32AE1854C51DB6D18B51E4F1715C8359
                                                                                                                                                                                                                                                                                                                                                SHA-512:C0DCD4A9A1536B1BBBF4EBD97F5038A4C1185F40D0B00995AC0998E9E1C725E82BFF1D2B67FBA54906FD1062E6CE2BC7B782FE478086DC414BB99D01ED0FD8A5
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:p...... ................(....................................................... ........}.-@@......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.G.4.C.o.d.e.S.i.g.n.i.n.g.R.S.A.4.0.9.6.S.H.A.3.8.4.2.0.2.1.C.A.1...c.r.t...".6.0.9.0.3.0.2.2.-.6.b.4."...
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):412
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.527956162650923
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:6:kKe2mK24KfOAUMivhClroFfJSUm2SQwItJqB3UgPSgakZdPolRMnOlAkrn:22m9bmxMiv8sFBSfamB3rbFURMOlAkr
                                                                                                                                                                                                                                                                                                                                                MD5:0CD5F7CB6DA0AA1FB853318ADFC6E5E3
                                                                                                                                                                                                                                                                                                                                                SHA1:F359FCC1F0522D71B69AC6DDF3C428DBA7015DA1
                                                                                                                                                                                                                                                                                                                                                SHA-256:5AE957F30D9BBD1AC47C986093B4D442ECAFE8A9A014A70258C62A4453F2E769
                                                                                                                                                                                                                                                                                                                                                SHA-512:31A2F81C815BB55379684E544228A9813077BE9B1CAD0F130CDA59DBFACF0B6E84789FD750602FDFF42B0E64E9729D36DADDD103549FC17A008EA772699C18A0
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:p...... ....(...Zi...b..(....................................................... ........$. .... ...................h.t.t.p.:././.o.c.s.p...d.i.g.i.c.e.r.t...c.o.m./.M.F.E.w.T.z.B.N.M.E.s.w.S.T.A.J.B.g.U.r.D.g.M.C.G.g.U.A.B.B.T.f.I.s.%.2.B.L.j.D.t.G.w.Q.0.9.X.E.B.1.Y.e.q.%.2.B.t.X.%.2.B.B.g.Q.Q.U.7.N.f.j.g.t.J.x.X.W.R.M.3.y.5.n.P.%.2.B.e.6.m.K.4.c.D.0.8.C.E.A.i.t.Q.L.J.g.0.p.x.M.n.1.7.N.q.b.2.T.r.t.k.%.3.D...
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):254
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):3.060772882719261
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:6:kKrlzLDcJgjcalgRAOAUSW0PTKDXMOXISKlUp:zpLYS4tWOxSW0PAMsZp
                                                                                                                                                                                                                                                                                                                                                MD5:796CAE181AA7FCFB8A7AB930A0FAEAE6
                                                                                                                                                                                                                                                                                                                                                SHA1:8A5DF1E02CC325B1291F649918A2A2C5778709AA
                                                                                                                                                                                                                                                                                                                                                SHA-256:4C4DBE741F6F0F7DF260FDC40FC293569247DA8A264CA9D187201D21326BEBD8
                                                                                                                                                                                                                                                                                                                                                SHA-512:4855465209976D91EE5D718B3B4C8638B2856A42BEC8A4558E334D574E846D628B38D8FA6B109D9B807F56260BC9854654DCFE1CDC338B0BA49AD86DDF7ACD6C
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:p...... ....l...'.......(....................................................... ............n......................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.T.r.u.s.t.e.d.R.o.o.t.G.4...c.r.t...".5.a.2.8.6.4.1.7.-.5.9.4."...
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):1944
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.343420056309075
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:MxHKQg8mHDp684YHKGSI6oPtHTHhAHKKkhHNpaHKlT44HKmHKe60:iqzCYqGSI6oPtzHeqKkhtpaqZ44qmq10
                                                                                                                                                                                                                                                                                                                                                MD5:437E4DCFC04CB727093C5232EA15F856
                                                                                                                                                                                                                                                                                                                                                SHA1:81B949390201F3B70AE2375518A0FFD329310837
                                                                                                                                                                                                                                                                                                                                                SHA-256:5EADB9774A50B6AD20D588FDA58F5A42B2E257A0AA26832B41F8EA008C1EB96B
                                                                                                                                                                                                                                                                                                                                                SHA-512:0332C7E5205CF9221172473A841284487ACC111780A58557231FCDE72A5EDB7E7E3EF6C87AB9682A688BC24992A74027F930267B541039BD8757EEF4E2F51A0E
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System\b187b7f31cee3e87b56c8edca55324e0\System.ni.dll",0..3,"System.ServiceProcess, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Serv759bfb78#\e2ca4e2ddffdc0d0bda3f2ca65249790\System.ServiceProcess.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Core\31326613607f69254f3284ec964796c8\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_64\System.Configuration\915c1ee906bd8dfc15398a4bab4acb48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.5664109556734713
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:Az8PhPuRc06WXJSnT5jYBqISoedGPdGfHbr4cIStedGPdGRubBn:AahP1JnTicIXcIoF
                                                                                                                                                                                                                                                                                                                                                MD5:588F16A4072C051CC93D39E8B2D81440
                                                                                                                                                                                                                                                                                                                                                SHA1:70512A7D4B6139752EE9DD89D4D96715F981FB9A
                                                                                                                                                                                                                                                                                                                                                SHA-256:5A1AF65BB2635950642983558ABC5823208D1D8F3B4B6EE3BAE7EBFCD53288FE
                                                                                                                                                                                                                                                                                                                                                SHA-512:D0E1B9109C94E7F076F21AD93F42D801F81C01A66DDAA9D7D9C314A4D84A5DA6B0B22B7D22D0F3CE7DDD7686BC116EAECFD141DE2A12885135AF8BA407DC7DA9
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF03F7F4E9FB6913B4.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.07155019181547037
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:6:2/9LG7iVCnLG7iVrKOzPLHKOc140TfgdrkXgVky6lit/:2F0i8n0itFzDHFvufgdCit/
                                                                                                                                                                                                                                                                                                                                                MD5:64AF623EC63496AE56C3FF21C3AFB54C
                                                                                                                                                                                                                                                                                                                                                SHA1:878E871734D58837CB8CCBD45637423D4439408A
                                                                                                                                                                                                                                                                                                                                                SHA-256:B604A5FF5DC91F4CCE5759F6B92067A11E2ED8F34B2715D21AA60A6C2F794C59
                                                                                                                                                                                                                                                                                                                                                SHA-512:6B7260F653C4AA42C7F15C0BC9230DADBA89BD7BC6831B0D135006B306123F840474570E16115E09FAB41EF653F1FF7576A6096806DB4CBA98D0F31FCE64202C
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):69632
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.14361584656092727
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:CnxubmStedGPdGeqISoedGPdGfHbr4csl:i4yLIXcs
                                                                                                                                                                                                                                                                                                                                                MD5:86FA61159FE3F843E74527DA161759E9
                                                                                                                                                                                                                                                                                                                                                SHA1:E083C235CFD714353FF2217EBE9ADC31F62659BF
                                                                                                                                                                                                                                                                                                                                                SHA-256:7DEBF80B06174AC285773DCBE5BE9000934F8FE7FAC401D43DC7A28572D57630
                                                                                                                                                                                                                                                                                                                                                SHA-512:53781BC1B4344878F476BF2D81B72BBADEF8A1807B9A33ADC87C36DD96989344EB98EFEB13B99BBA54DD163567931D650C77981B14A16AADE4B46DA1B475F1E0
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF329B2876A41199DB.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.2537849087587136
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:ogXukEBNveFXJBT5jYBqISoedGPdGfHbr4cIStedGPdGRubBn:RXnZTicIXcIoF
                                                                                                                                                                                                                                                                                                                                                MD5:0C1CDAD6EEA03D48E1E53E86CD9EC84D
                                                                                                                                                                                                                                                                                                                                                SHA1:85B29F77029A4363B8DC9D2A0F93F577E944A50F
                                                                                                                                                                                                                                                                                                                                                SHA-256:9A3D23F1FFC7D628B68182F1AA363B2C9BF521E323945FAE7CEE2FFD9E79D9D0
                                                                                                                                                                                                                                                                                                                                                SHA-512:E4E5481522ADCA8AB6345313EF35239D9DBB39FA3D97C58C6C675EEDE9B6DA97E14A33E4ED7C26FC3BFA1BF5D7624660D6FB32FBC1DA0B333F029C265F3550E7
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF605B4EFF8857F184.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.2537849087587136
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:ogXukEBNveFXJBT5jYBqISoedGPdGfHbr4cIStedGPdGRubBn:RXnZTicIXcIoF
                                                                                                                                                                                                                                                                                                                                                MD5:0C1CDAD6EEA03D48E1E53E86CD9EC84D
                                                                                                                                                                                                                                                                                                                                                SHA1:85B29F77029A4363B8DC9D2A0F93F577E944A50F
                                                                                                                                                                                                                                                                                                                                                SHA-256:9A3D23F1FFC7D628B68182F1AA363B2C9BF521E323945FAE7CEE2FFD9E79D9D0
                                                                                                                                                                                                                                                                                                                                                SHA-512:E4E5481522ADCA8AB6345313EF35239D9DBB39FA3D97C58C6C675EEDE9B6DA97E14A33E4ED7C26FC3BFA1BF5D7624660D6FB32FBC1DA0B333F029C265F3550E7
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF861F9EB41197E865.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.5664109556734713
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:Az8PhPuRc06WXJSnT5jYBqISoedGPdGfHbr4cIStedGPdGRubBn:AahP1JnTicIXcIoF
                                                                                                                                                                                                                                                                                                                                                MD5:588F16A4072C051CC93D39E8B2D81440
                                                                                                                                                                                                                                                                                                                                                SHA1:70512A7D4B6139752EE9DD89D4D96715F981FB9A
                                                                                                                                                                                                                                                                                                                                                SHA-256:5A1AF65BB2635950642983558ABC5823208D1D8F3B4B6EE3BAE7EBFCD53288FE
                                                                                                                                                                                                                                                                                                                                                SHA-512:D0E1B9109C94E7F076F21AD93F42D801F81C01A66DDAA9D7D9C314A4D84A5DA6B0B22B7D22D0F3CE7DDD7686BC116EAECFD141DE2A12885135AF8BA407DC7DA9
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DF9BE70E11C712AC71.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:Composite Document File V2 Document, Cannot read section info
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):1.2537849087587136
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:48:ogXukEBNveFXJBT5jYBqISoedGPdGfHbr4cIStedGPdGRubBn:RXnZTicIXcIoF
                                                                                                                                                                                                                                                                                                                                                MD5:0C1CDAD6EEA03D48E1E53E86CD9EC84D
                                                                                                                                                                                                                                                                                                                                                SHA1:85B29F77029A4363B8DC9D2A0F93F577E944A50F
                                                                                                                                                                                                                                                                                                                                                SHA-256:9A3D23F1FFC7D628B68182F1AA363B2C9BF521E323945FAE7CEE2FFD9E79D9D0
                                                                                                                                                                                                                                                                                                                                                SHA-512:E4E5481522ADCA8AB6345313EF35239D9DBB39FA3D97C58C6C675EEDE9B6DA97E14A33E4ED7C26FC3BFA1BF5D7624660D6FB32FBC1DA0B333F029C265F3550E7
                                                                                                                                                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                                                                                                                                                Yara Hits:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Windows\Temp\~DFE286531BC9E5DA5B.TMP, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Windows\System32\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):512
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                                                                                                                                                MD5:BF619EAC0CDF3F68D496EA9344137E8B
                                                                                                                                                                                                                                                                                                                                                SHA1:5C3EB80066420002BC3DCC7CA4AB6EFAD7ED4AE5
                                                                                                                                                                                                                                                                                                                                                SHA-256:076A27C79E5ACE2A3D47F9DD2E83E4FF6EA8872B3C2218F66C92B89B55F36560
                                                                                                                                                                                                                                                                                                                                                SHA-512:DF40D4A774E0B453A5B87C00D6F0EF5D753143454E88EE5F7B607134598294C7905CCBCF94BBC46E474DB6EB44E56A6DBB6D9A1BE9D4FB5D1B5F2D0C6ED34BFE
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Process:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                                                                                                                                                Size (bytes):447
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):5.382444992137201
                                                                                                                                                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                                                                                                                                                SSDEEP:6:YBCrkpSFPMKlfGSleFE3qzWHP4VYzdgE445JxqKWm4nia/he0RnYuvJqMLDrTPxo:Y0rsShlOS0+3dYr2xOi2N3rTPqiEhOsv
                                                                                                                                                                                                                                                                                                                                                MD5:957509DA2315117084E22C681D28688D
                                                                                                                                                                                                                                                                                                                                                SHA1:9BBEB208F4FCD140A8D70B245404781CB43FD996
                                                                                                                                                                                                                                                                                                                                                SHA-256:3A36F819447618EBA6B635A51FB0D4196824993D224B7C9E58A6CEB81F36B90A
                                                                                                                                                                                                                                                                                                                                                SHA-512:B317072FE1889C6E39FBCEC5C8958D0250C215B708A800B3E9EB4E5C0C2D50B4D02BB9BC7143B31D7BBE31AC38F60F0A99D509E4E43A80DF7A82CC9AAE13BF67
                                                                                                                                                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                                                                                                                                                Preview:{"PackageName":"AgentPackageAgentInformation","ExecutableCommandArgs":["minimalIdentification"],"Data":{"AccountId":"001Q300000MFxEPIA1","UserLogin":"Moshe@nlc.co.il","MachineName":"899552","CustomerId":"1","FolderId":"","IsMinimalIdentification":true,"UniqueMachineIdentifier":"dSSlMBHQtjz6QeI7DU3WgZJHivAXu1aSS6MJXtP1rsw=","OsType":"Windows"},"CommandId":"5232f273-c62e-437a-a74a-dca82f700d20","AgentId":"95230b78-0b09-4026-a7c5-5fe4c9d15b4c"}..
                                                                                                                                                                                                                                                                                                                                                File type:Composite Document File V2 Document, Little Endian, Os: Windows, Version 10.0, MSI Installer, Code page: 1252, Title: Installation Database, Subject: AteraAgent, Author: Atera networks, Keywords: Installer, Comments: This installer database contains the logic and data required to install AteraAgent., Template: Intel;1033, Revision Number: {721AD955-79FD-4019-BBF5-9DCC4C1175BB}, Create Time/Date: Wed Feb 28 10:52:02 2024, Last Saved Time/Date: Wed Feb 28 10:52:02 2024, Number of Pages: 200, Number of Words: 6, Name of Creating Application: Windows Installer XML Toolset (3.11.2.4516), Security: 2
                                                                                                                                                                                                                                                                                                                                                Entropy (8bit):7.878654931925023
                                                                                                                                                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                                                                                                                                                • Microsoft Windows Installer (60509/1) 57.88%
                                                                                                                                                                                                                                                                                                                                                • ClickyMouse macro set (36024/1) 34.46%
                                                                                                                                                                                                                                                                                                                                                • Generic OLE2 / Multistream Compound File (8008/1) 7.66%
                                                                                                                                                                                                                                                                                                                                                File name:9rSeCZbjZE.msi
                                                                                                                                                                                                                                                                                                                                                File size:2'994'176 bytes
                                                                                                                                                                                                                                                                                                                                                MD5:c4e4332cf78e92bef45cab4d8d9a29a8
                                                                                                                                                                                                                                                                                                                                                SHA1:e6f5aae7f231f9f108f0bbcc5c7240bee17a180e
                                                                                                                                                                                                                                                                                                                                                SHA256:63f2e49bd14880bed0033cbf0878ee50f18555432d3ad1439b304e6a2dc00fc6
                                                                                                                                                                                                                                                                                                                                                SHA512:7a486e162560c736533d23cf7863eda03f822aff0411fab40d70518026a5c7bb765990139f37bae416cfad05b700756521e165f07b951041e5fb806644a54c63
                                                                                                                                                                                                                                                                                                                                                SSDEEP:49152:4+1Ypn4N2MGVv1zyIBWGppT9jnMHRjOOozjcqZJN8dUZTwYaH7oqPxMbY+K/tzQz:4+lUlz9FKbsodq0YaH7ZPxMb8tT
                                                                                                                                                                                                                                                                                                                                                TLSH:18D523117584483AE3BB0A358D7AD6A05E7DFE605B70CA8E9308741E2E705C1AB76F73
                                                                                                                                                                                                                                                                                                                                                Icon Hash:2d2e3797b32b2b99
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2024-10-02T19:18:20.192565+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49729 | 35.157.63.229 | 443 | TCP
2024-10-02T19:18:22.040487+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49732 | 35.157.63.229 | 443 | TCP
2024-10-02T19:18:23.566502+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49737 | 35.157.63.229 | 443 | TCP
2024-10-02T19:19:08.335189+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49747 | 35.157.63.228 | 443 | TCP
2024-10-02T19:19:25.711687+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49753 | 35.157.63.228 | 443 | TCP
2024-10-02T19:19:27.998491+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49757 | 35.157.63.228 | 443 | TCP
2024-10-02T19:19:31.364146+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49765 | 35.157.63.228 | 443 | TCP
2024-10-02T19:19:33.960808+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49773 | 35.157.63.228 | 443 | TCP
2024-10-02T19:19:41.215256+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49781 | 35.157.63.228 | 443 | TCP
2024-10-02T19:19:42.551905+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49786 | 35.157.63.228 | 443 | TCP
2024-10-02T19:19:46.105709+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49801 | 35.157.63.228 | 443 | TCP
2024-10-02T19:19:47.520191+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49807 | 35.157.63.228 | 443 | TCP
2024-10-02T19:19:51.270142+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49816 | 35.157.63.228 | 443 | TCP
2024-10-02T19:19:53.048903+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49828 | 35.157.63.228 | 443 | TCP
2024-10-02T19:19:56.724953+0200 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.6 | 49843 | 35.157.63.228 | 443 | TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:19:59.006496+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.64985435.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:20:01.693105+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.64986335.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:20:03.420400+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.64987235.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:20:05.031180+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.64987935.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:20:07.727965+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.64989335.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:20:09.019747+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.64990135.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:20:11.155367+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.64990835.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:20:13.309016+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.64992335.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:20:14.536443+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.64993235.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:20:17.676408+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.64994335.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:20:19.843023+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.64995335.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:20:22.083022+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.64996535.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:22:09.645174+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.65032235.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:22:11.614258+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.65032535.157.63.228443TCP
                                                                                                                                                                                                                                                                                                                                                2024-10-02T19:22:12.888429+02002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.65032835.157.63.228443TCP
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:20.924236059 CEST49732443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:20.924247026 CEST4434973235.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:20.924587965 CEST49733443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:20.924691916 CEST4434973335.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:20.924786091 CEST49733443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:20.924998045 CEST49733443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:20.925038099 CEST4434973335.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:20.933505058 CEST49734443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:20.933538914 CEST4434973413.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:20.933630943 CEST49734443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:20.933898926 CEST49734443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:20.933914900 CEST4434973413.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.689518929 CEST4434973413.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.689600945 CEST49734443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.691541910 CEST49734443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.691570044 CEST4434973413.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.691803932 CEST4434973413.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.692641973 CEST49734443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.735430002 CEST4434973413.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.780152082 CEST49734443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.780196905 CEST4434973413.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.780246019 CEST49734443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.853467941 CEST4434973235.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.855556965 CEST49732443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.855576992 CEST4434973235.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.981822968 CEST4434973335.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.984723091 CEST49733443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:21.984788895 CEST4434973335.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.040374994 CEST4434973235.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.040544987 CEST4434973235.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.040637970 CEST49732443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.040942907 CEST49732443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.166944027 CEST4434973335.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.166965961 CEST4434973335.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.167021990 CEST4434973335.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.167088032 CEST49733443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.167088032 CEST49733443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.167634964 CEST49733443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.178262949 CEST49737443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.178297043 CEST4434973735.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.178371906 CEST49737443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.178791046 CEST49737443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.178812981 CEST4434973735.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.187017918 CEST49738443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.187031031 CEST4434973835.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.187222958 CEST49738443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.187400103 CEST49738443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:22.187417030 CEST4434973835.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:23.098357916 CEST4434973835.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:23.100476980 CEST49738443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:23.100496054 CEST4434973835.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:23.269233942 CEST4434973735.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:23.310508966 CEST49737443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:23.379393101 CEST49737443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:23.379401922 CEST4434973735.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:23.566359997 CEST4434973735.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:23.566438913 CEST4434973735.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:23.566618919 CEST49737443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:23.582904100 CEST49737443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:26.797060966 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:26.797101974 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:26.797270060 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:26.797430992 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:26.797444105 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:27.530639887 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:27.530726910 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:27.532253027 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:27.532258987 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:27.533165932 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:27.534020901 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.162739038 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.162771940 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.162810087 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.162823915 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.162837982 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.162849903 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.162883043 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.162898064 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.162993908 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.163033962 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.163060904 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.163069963 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.163089991 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.163111925 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.163250923 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.163301945 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.163320065 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.163326025 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.163356066 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.163372040 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.166034937 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.166085005 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.166119099 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.166124105 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.166156054 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.166172028 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.187374115 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.187406063 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.187443018 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.187474012 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.187474966 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.187489033 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.187503099 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.187544107 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.200340986 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.200362921 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.200443983 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.200452089 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.247983932 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.268896103 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.268985033 CEST4434973913.35.58.104192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.268985987 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.269026995 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:18:28.270068884 CEST49739443192.168.2.613.35.58.104
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:07.185065031 CEST49747443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:07.185174942 CEST4434974735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:07.185256958 CEST49747443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:07.185978889 CEST49747443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:07.186012983 CEST4434974735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:08.130486965 CEST4434974735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:08.136079073 CEST49747443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:08.136148930 CEST4434974735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:08.335086107 CEST4434974735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:08.335244894 CEST4434974735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:08.335453033 CEST49747443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:08.336627960 CEST49747443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:08.337656021 CEST49748443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:08.337743044 CEST4434974835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:08.337825060 CEST49748443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:08.338093996 CEST49748443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:08.338130951 CEST4434974835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:09.410857916 CEST4434974835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:09.428073883 CEST49748443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:09.428127050 CEST4434974835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:09.658889055 CEST4434974835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:09.659065962 CEST4434974835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:09.659174919 CEST49748443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:09.664858103 CEST49748443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:24.361071110 CEST49738443192.168.2.635.157.63.229
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:24.361187935 CEST4434973835.157.63.229192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:28.949173927 CEST4434976035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:28.952188969 CEST4434976335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:28.952251911 CEST49763443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:28.952270031 CEST49763443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:28.998212099 CEST49760443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:28.998229980 CEST4434976035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:28.998840094 CEST49760443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:28.998977900 CEST4434976035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:28.999098063 CEST49760443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.000041008 CEST49765443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.000082970 CEST4434976535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.000144958 CEST49765443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.000395060 CEST49765443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.000410080 CEST4434976535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.117423058 CEST4434976435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.117503881 CEST49764443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.119564056 CEST49764443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.119570017 CEST4434976435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.120322943 CEST4434976435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.121222019 CEST49764443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.167438030 CEST4434976435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.353879929 CEST4434976435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.404453039 CEST49764443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.404467106 CEST4434976435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.405538082 CEST49764443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.405615091 CEST4434976435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.405661106 CEST49764443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.407231092 CEST49767443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.407263994 CEST4434976735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.407320023 CEST49767443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.407691002 CEST49767443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:29.407705069 CEST4434976735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.172921896 CEST4434976735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.172991037 CEST49767443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.175064087 CEST49767443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.175076962 CEST4434976735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.175431967 CEST4434976735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.176403046 CEST4434976535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.176423073 CEST49767443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.176476002 CEST49765443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.178241968 CEST49765443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.178253889 CEST4434976535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.178594112 CEST4434976535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.179544926 CEST49765443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.223407030 CEST4434976735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.227401018 CEST4434976535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.358618021 CEST4434976735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.358714104 CEST4434976735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.358757019 CEST49767443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.359446049 CEST49767443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.362802029 CEST49768443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.362896919 CEST4434976835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.362972975 CEST49768443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.363429070 CEST49768443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.363471031 CEST4434976835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.364263058 CEST4434976535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.364429951 CEST4434976535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.364478111 CEST49765443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:31.364772081 CEST49765443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:32.290602922 CEST4434976835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:32.294441938 CEST49768443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:32.294519901 CEST4434976835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:32.861129045 CEST4434976835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:32.861182928 CEST4434976835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:32.861248970 CEST49768443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:32.861279011 CEST4434976835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:32.861323118 CEST4434976835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:32.861368895 CEST49768443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:32.861968994 CEST49768443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:32.871189117 CEST49773443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.267401934 CEST4434978535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.365530014 CEST4434978635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.365624905 CEST49786443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.368781090 CEST49786443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.368798018 CEST4434978635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.369235039 CEST4434978635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.370853901 CEST49786443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.414124966 CEST4434978535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.414207935 CEST4434978535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.414261103 CEST49785443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.414985895 CEST49785443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.415411949 CEST4434978635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.416182995 CEST49791443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.416280985 CEST4434979135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.416353941 CEST49791443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.416734934 CEST49791443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.416769028 CEST4434979135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.551927090 CEST4434978635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.592037916 CEST49786443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.592078924 CEST4434978635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.592627048 CEST49786443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.592734098 CEST4434978635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.592803001 CEST49786443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.596838951 CEST49792443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.596882105 CEST4434979235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.601452112 CEST49792443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.601452112 CEST49792443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:42.601540089 CEST4434979235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.340776920 CEST4434979135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.341008902 CEST49791443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.343158960 CEST49791443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.343205929 CEST4434979135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.344156027 CEST4434979135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.346225023 CEST49791443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.387434959 CEST4434979135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.530240059 CEST4434979135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.541663885 CEST4434979235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.541938066 CEST49792443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.544929981 CEST49792443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.544945955 CEST4434979235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.545887947 CEST4434979235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.550748110 CEST49792443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.595407963 CEST4434979235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.635488987 CEST49791443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.635521889 CEST4434979135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.636044025 CEST49791443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.636147022 CEST4434979135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.636203051 CEST49791443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.637295008 CEST49795443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.637341976 CEST4434979535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.637411118 CEST49795443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.637689114 CEST49795443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.637701988 CEST4434979535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.795175076 CEST4434979235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.795281887 CEST4434979235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.795337915 CEST49792443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.796097040 CEST49792443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.797188044 CEST49796443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.797236919 CEST4434979635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.797308922 CEST49796443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.797660112 CEST49796443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.797674894 CEST4434979635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.861968994 CEST49796443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.863909006 CEST49797443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.863966942 CEST4434979735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.864020109 CEST49797443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.864533901 CEST49797443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.864545107 CEST4434979735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:43.907399893 CEST4434979635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:44.593734980 CEST4434979535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.379014969 CEST4434981035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.379815102 CEST4434981035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.380887032 CEST49810443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.423404932 CEST4434981035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.471762896 CEST49811443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.471820116 CEST4434981135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.471872091 CEST49811443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.475291967 CEST49811443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.475311995 CEST4434981135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.622925043 CEST4434981035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.623049974 CEST4434981035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.623454094 CEST49810443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.624830008 CEST49810443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.624830008 CEST49812443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.624874115 CEST4434981235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.625849009 CEST49812443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.628793955 CEST49812443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:48.628807068 CEST4434981235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.485213041 CEST49815443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.485213041 CEST49812443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.485296011 CEST4434981535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.485419989 CEST49815443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.488904953 CEST49815443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.488950014 CEST4434981535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.531404018 CEST4434981235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.577003956 CEST4434981235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.577158928 CEST49812443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.596318960 CEST4434981135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.597995043 CEST49811443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.599411011 CEST49811443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.599421024 CEST4434981135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.599747896 CEST4434981135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.632431984 CEST49811443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.679402113 CEST4434981135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.830877066 CEST4434981135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.831059933 CEST4434981135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.831211090 CEST49811443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.968295097 CEST49811443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.969497919 CEST49816443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.969551086 CEST4434981635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.969614983 CEST49816443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.969983101 CEST49816443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:49.969997883 CEST4434981635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.416294098 CEST4434981535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.416369915 CEST49815443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.418646097 CEST49815443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.418662071 CEST4434981535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.418981075 CEST4434981535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.420182943 CEST49815443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.467412949 CEST4434981535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.604625940 CEST4434981535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.604741096 CEST4434981535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.604841948 CEST49815443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.614433050 CEST49815443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.615763903 CEST49822443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.615803957 CEST4434982235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.616328955 CEST49822443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.617134094 CEST49822443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:50.617149115 CEST4434982235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:51.071120977 CEST4434981635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:51.082384109 CEST49816443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:51.082410097 CEST4434981635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:51.270152092 CEST4434981635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:51.270226002 CEST4434981635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:51.277559042 CEST49816443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:51.305340052 CEST49816443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:51.390738010 CEST49823443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:51.390840054 CEST4434982335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:51.397407055 CEST49823443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:51.417529106 CEST49823443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:55.500448942 CEST49843443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:55.500468969 CEST4434984335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.146831989 CEST4434984135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.146919966 CEST49841443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.148504972 CEST49841443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.148519993 CEST4434984135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.148869991 CEST4434984135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.149667025 CEST49841443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.195398092 CEST4434984135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.340991020 CEST4434984135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.341171026 CEST4434984135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.341233015 CEST49841443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.341690063 CEST49841443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.344549894 CEST49847443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.344604015 CEST4434984735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.344669104 CEST49847443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.345000029 CEST49847443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.345014095 CEST4434984735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.538655043 CEST4434984335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.538721085 CEST49843443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.540242910 CEST49843443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.540252924 CEST4434984335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.540489912 CEST4434984335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.541282892 CEST49843443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.587409019 CEST4434984335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.724958897 CEST4434984335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.725052118 CEST4434984335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.725155115 CEST49843443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:56.725960016 CEST49843443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.280956030 CEST4434984735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.326459885 CEST49847443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.373980045 CEST49847443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.374008894 CEST4434984735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.574107885 CEST4434984735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.574136019 CEST4434984735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.574218035 CEST49847443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.574225903 CEST4434984735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.574268103 CEST49847443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.574807882 CEST49847443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.582997084 CEST49854443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.583065987 CEST4434985435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.583163023 CEST49854443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.583652973 CEST49854443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.583668947 CEST4434985435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.583992958 CEST49855443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.584069967 CEST4434985535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.584132910 CEST49855443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.584341049 CEST49855443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:57.584368944 CEST4434985535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:58.603660107 CEST4434985535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:58.607170105 CEST49855443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:58.607198000 CEST4434985535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:58.759253025 CEST4434985435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:58.760680914 CEST49854443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:58.760729074 CEST4434985435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:59.006541014 CEST4434985435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:59.006624937 CEST4434985435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:59.006813049 CEST49854443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:19:59.007148027 CEST49854443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:00.402654886 CEST49855443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:00.402959108 CEST4434985535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:00.403521061 CEST4434985535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:00.403619051 CEST49855443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:00.403619051 CEST49855443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:00.406630039 CEST49862443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:00.406682014 CEST4434986235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:00.406827927 CEST49862443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:00.408770084 CEST49862443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:00.408788919 CEST4434986235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:00.411218882 CEST49863443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:03.971446991 CEST4434987635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.112602949 CEST4434987635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.232820034 CEST49876443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.232866049 CEST4434987635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.235402107 CEST49876443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.235543966 CEST4434987635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.235610008 CEST49876443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.237512112 CEST49883443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.237548113 CEST4434988335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.237602949 CEST49883443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.238096952 CEST49883443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.238110065 CEST4434988335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.843090057 CEST4434987935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.843190908 CEST49879443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.845148087 CEST49879443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.845161915 CEST4434987935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.845931053 CEST4434987935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.847671032 CEST49879443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.895404100 CEST4434987935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.031301975 CEST4434987935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.031511068 CEST4434987935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.031740904 CEST49879443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.032471895 CEST49879443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.033416986 CEST49885443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.033468962 CEST4434988535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.033838987 CEST49885443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.034272909 CEST49885443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.034290075 CEST4434988535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.336738110 CEST4434988335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.336983919 CEST49883443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.338833094 CEST49883443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.338844061 CEST4434988335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.339107037 CEST4434988335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.342262030 CEST49883443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.383398056 CEST4434988335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.532233953 CEST4434988335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.626976013 CEST49883443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.627002001 CEST4434988335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.628283024 CEST49883443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.628381014 CEST4434988335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.628487110 CEST49889443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.628530979 CEST4434988935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.628593922 CEST4434988335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.628659964 CEST49883443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.628662109 CEST49889443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.628887892 CEST49883443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.629426956 CEST49889443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:05.629445076 CEST4434988935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.072736025 CEST4434988535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.185933113 CEST49885443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.316441059 CEST49885443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.316488028 CEST4434988535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.511897087 CEST4434988535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.512099981 CEST4434988535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.512161016 CEST49885443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.513104916 CEST49885443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.519176006 CEST49893443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.519229889 CEST4434989335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.519305944 CEST49893443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.520237923 CEST49893443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.520256996 CEST4434989335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.700253010 CEST4434988935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.700330973 CEST49889443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.702814102 CEST49889443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.702825069 CEST4434988935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.703367949 CEST4434988935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.704911947 CEST49889443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.751405954 CEST4434988935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.936042070 CEST4434988935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.998356104 CEST49889443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:09.882632017 CEST4434990935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:09.923408985 CEST4434990535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:09.923439980 CEST4434990435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.082866907 CEST4434990435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.083009958 CEST49904443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.197403908 CEST4434990535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.197472095 CEST49905443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.197498083 CEST49905443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.847467899 CEST4434990935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.847584963 CEST49909443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.850852966 CEST49909443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.850862980 CEST4434990935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.851722002 CEST4434990935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.864187956 CEST49909443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.907418013 CEST4434990935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.968672991 CEST4434990835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.970742941 CEST49908443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.970742941 CEST49908443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.970767975 CEST4434990835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.971035004 CEST4434990835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:10.972091913 CEST49908443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.019403934 CEST4434990835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.051616907 CEST4434990935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.051692009 CEST4434990935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.052208900 CEST49909443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.054773092 CEST49909443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.155371904 CEST4434990835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.287282944 CEST4434990835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.287458897 CEST49908443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.288563967 CEST49908443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.289851904 CEST49918443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.289895058 CEST4434991835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.290569067 CEST49918443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.291044950 CEST49918443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:11.291059971 CEST4434991835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.126015902 CEST49918443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.129561901 CEST49923443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.129616022 CEST4434992335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.129772902 CEST49923443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.130913973 CEST49924443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.130949020 CEST4434992435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.131062031 CEST49924443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.131473064 CEST49924443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.131489038 CEST4434992435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.133699894 CEST49923443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.133714914 CEST4434992335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.167411089 CEST4434991835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.240817070 CEST4434991835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.240878105 CEST49918443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.433806896 CEST49924443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.434797049 CEST49927443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.434835911 CEST4434992735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.434947968 CEST49927443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.435415030 CEST49927443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.435436010 CEST4434992735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:12.475439072 CEST4434992435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.060501099 CEST4434992435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.060612917 CEST49924443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.060612917 CEST49924443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.073762894 CEST4434992335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.073885918 CEST49923443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.076431990 CEST49923443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.076446056 CEST4434992335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.076723099 CEST4434992335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.078851938 CEST49923443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.119396925 CEST4434992335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.309026957 CEST4434992335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.309120893 CEST4434992335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.309727907 CEST49923443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:13.310112000 CEST49923443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:17.567301989 CEST49948443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:17.571410894 CEST49948443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:17.571434021 CEST4434994835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:17.676430941 CEST4434994335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:17.806282997 CEST4434994335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:17.806360006 CEST49943443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:17.806782007 CEST49943443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:17.807722092 CEST49951443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:17.807781935 CEST4434995135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:17.807872057 CEST49951443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:17.808109999 CEST49951443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:17.808130026 CEST4434995135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.509187937 CEST4434994835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.512711048 CEST49948443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.512739897 CEST4434994835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.707617044 CEST4434994835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.707705021 CEST4434994835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.707796097 CEST49948443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.708419085 CEST49948443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.709594011 CEST49953443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.709644079 CEST4434995335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.711407900 CEST49953443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.711633921 CEST49953443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.711642027 CEST4434995335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.738569021 CEST4434995135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.740242958 CEST49951443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.740267038 CEST4434995135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.927470922 CEST4434995135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.927575111 CEST4434995135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.930988073 CEST49951443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.932235003 CEST49951443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.932235003 CEST49955443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.932275057 CEST4434995535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.932545900 CEST49955443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.934881926 CEST49955443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:18.934900045 CEST4434995535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.656240940 CEST4434995335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.658370018 CEST49953443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.658401012 CEST4434995335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.843066931 CEST4434995335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.843147039 CEST4434995335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.843192101 CEST49953443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.843924999 CEST49953443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.845010042 CEST49962443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.845046043 CEST4434996235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.845103025 CEST49962443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.845442057 CEST49962443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.845455885 CEST4434996235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.894095898 CEST4434995535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.906219959 CEST49955443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:19.906251907 CEST4434995535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:20.758176088 CEST4434996235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:20.763741970 CEST49962443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:20.763776064 CEST4434996235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:20.950128078 CEST4434996235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:20.950217009 CEST4434996235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:20.950660944 CEST49962443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:20.970508099 CEST49962443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:20.973532915 CEST49965443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:20.973576069 CEST4434996535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:20.973742962 CEST49965443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:20.974740982 CEST49965443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:20.974759102 CEST4434996535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:21.897793055 CEST4434996535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:21.899418116 CEST49965443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:21.899444103 CEST4434996535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:22.082978010 CEST4434996535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:22.185910940 CEST49965443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:22.185934067 CEST4434996535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:22.186769009 CEST49965443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:31.622648954 CEST4435001035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:31.622778893 CEST50010443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:31.624758005 CEST50010443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:31.624787092 CEST4435001035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:31.625030994 CEST4435001035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:31.626060963 CEST50010443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:31.626117945 CEST4435001035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:31.626185894 CEST50010443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:31.627321005 CEST50015443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:31.627362013 CEST4435001535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:31.627432108 CEST50015443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:31.627700090 CEST50015443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:31.627711058 CEST4435001535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:32.982117891 CEST4435001535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:32.982201099 CEST50015443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:32.985232115 CEST50015443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:32.985239983 CEST4435001535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:32.985547066 CEST4435001535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:32.986846924 CEST50015443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:32.986903906 CEST4435001535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:32.987046003 CEST50015443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:32.988220930 CEST50019443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:32.988257885 CEST4435001935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:32.988394976 CEST50019443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:32.988907099 CEST50019443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:32.988919973 CEST4435001935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.959203959 CEST4435001935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.959439993 CEST50019443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.962383986 CEST50019443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.962394953 CEST4435001935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.963180065 CEST4435001935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.965218067 CEST50019443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.965298891 CEST4435001935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.965548038 CEST4435001935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.965636969 CEST50019443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.965636969 CEST50019443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.965919018 CEST50023443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.966008902 CEST4435002335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.969213963 CEST50023443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.969472885 CEST50023443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:33.969518900 CEST4435002335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.026932001 CEST4435002335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.027097940 CEST50023443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.028805017 CEST50023443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.028835058 CEST4435002335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.029606104 CEST4435002335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.031171083 CEST50023443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.031280041 CEST4435002335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.031692982 CEST4435002335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.031733990 CEST50023443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.031774998 CEST50023443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.032746077 CEST50028443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.032780886 CEST4435002835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.032861948 CEST50028443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.033327103 CEST50028443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.033345938 CEST4435002835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.950314999 CEST4435002835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.950387955 CEST50028443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.953911066 CEST50028443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.953939915 CEST4435002835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.954355001 CEST4435002835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.955928087 CEST50028443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.955992937 CEST4435002835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.956233025 CEST4435002835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.956260920 CEST50028443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.956296921 CEST50028443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.957356930 CEST50031443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.957406998 CEST4435003135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.957484961 CEST50031443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:35.958534002 CEST50031443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:42.937459946 CEST50051443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:42.937506914 CEST4435005135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:42.937624931 CEST50051443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:42.938378096 CEST50054443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:42.938435078 CEST4435005435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:42.938494921 CEST50054443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:42.938755989 CEST50054443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:42.938775063 CEST4435005435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.433721066 CEST4435005435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.433804989 CEST50054443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.435534000 CEST50054443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.435545921 CEST4435005435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.435759068 CEST4435005435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.437189102 CEST50054443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.437227964 CEST4435005435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.437391043 CEST4435005435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.437395096 CEST50054443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.437463999 CEST50054443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.459184885 CEST50059443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.459234953 CEST4435005935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.459357023 CEST50059443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.459803104 CEST50059443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:44.459817886 CEST4435005935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:45.398686886 CEST4435005935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:45.398778915 CEST50059443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:45.542197943 CEST50059443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:45.542222977 CEST4435005935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:45.542618036 CEST4435005935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:45.558556080 CEST50059443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:45.558614016 CEST4435005935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:45.558741093 CEST50059443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:45.591825962 CEST50061443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:45.591861963 CEST4435006135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:45.591927052 CEST50061443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:45.592606068 CEST50061443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:45.592617989 CEST4435006135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.052241087 CEST4435006135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.052376032 CEST50061443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.054328918 CEST50061443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.054341078 CEST4435006135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.054573059 CEST4435006135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.056019068 CEST50061443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.056060076 CEST4435006135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.056113958 CEST50061443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.057177067 CEST50063443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.057215929 CEST4435006335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.057327032 CEST50063443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.057626009 CEST50063443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.057643890 CEST4435006335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.988425016 CEST4435006335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:47.988559008 CEST50063443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:48.024995089 CEST50063443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:48.025015116 CEST4435006335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:48.025311947 CEST4435006335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:48.026993990 CEST50063443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:48.027035952 CEST4435006335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:48.027089119 CEST50063443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:48.044744015 CEST50067443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:48.044786930 CEST4435006735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:48.044842958 CEST50067443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:48.052006006 CEST50067443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:48.052022934 CEST4435006735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:49.018393040 CEST4435006735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:49.018461943 CEST50067443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:49.020118952 CEST50067443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:49.020129919 CEST4435006735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:49.020366907 CEST4435006735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:49.021436930 CEST50067443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:49.021486998 CEST4435006735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:49.021575928 CEST50067443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:56.505433083 CEST4435009335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:56.505676031 CEST4435009335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:56.506733894 CEST50093443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:56.506787062 CEST4435009335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:56.506953001 CEST4435009335.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:56.507015944 CEST50093443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:56.507035017 CEST50093443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:56.507777929 CEST50096443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:56.507831097 CEST4435009635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:56.509536982 CEST50096443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:56.509754896 CEST50096443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:56.509772062 CEST4435009635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:57.469227076 CEST4435009635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:57.469346046 CEST50096443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:57.471497059 CEST50096443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:57.471508980 CEST4435009635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:57.472275019 CEST4435009635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:57.473625898 CEST50096443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:57.473711967 CEST4435009635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:57.473776102 CEST50096443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:57.474901915 CEST50099443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:57.474939108 CEST4435009935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:57.475012064 CEST50099443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:57.475281954 CEST50099443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:57.475307941 CEST4435009935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:58.435096025 CEST4435009935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:58.435180902 CEST50099443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:58.437288046 CEST50099443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:58.437302113 CEST4435009935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:58.437578917 CEST4435009935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:58.438622952 CEST50099443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:58.438668013 CEST4435009935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:58.438738108 CEST50099443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:58.439805031 CEST50102443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:58.439851046 CEST4435010235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:58.439908981 CEST50102443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:58.440099955 CEST50102443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:58.440113068 CEST4435010235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.497203112 CEST4435010235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.497304916 CEST50102443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.499249935 CEST50102443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.499255896 CEST4435010235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.499557018 CEST4435010235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.500621080 CEST50102443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.500660896 CEST4435010235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.500845909 CEST4435010235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.500854969 CEST50102443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.500880957 CEST50102443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.502170086 CEST50107443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.502212048 CEST4435010735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.502347946 CEST50107443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.502744913 CEST50107443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:59.502753973 CEST4435010735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:00.367767096 CEST50107443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:00.371093035 CEST50110443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:00.371129036 CEST4435011035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:00.371400118 CEST50110443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:00.371498108 CEST50110443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:00.371506929 CEST4435011035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:00.407759905 CEST4435010735.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:00.407824039 CEST50107443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:00.407843113 CEST50107443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:01.487638950 CEST4435011035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:01.487723112 CEST50110443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:01.489569902 CEST50110443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:01.489583015 CEST4435011035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:01.489914894 CEST4435011035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:01.491257906 CEST50110443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:01.491305113 CEST4435011035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:01.491354942 CEST50110443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.412271976 CEST50135443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.414660931 CEST50135443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.414670944 CEST4435013535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.414901018 CEST4435013535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.416254044 CEST50135443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.416296959 CEST4435013535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.416358948 CEST50135443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.417378902 CEST50139443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.417428970 CEST4435013935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.417572021 CEST50139443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.417800903 CEST50139443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.417815924 CEST4435013935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.543143988 CEST4435013635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.543234110 CEST50136443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.545154095 CEST50136443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.545166969 CEST4435013635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.545382977 CEST4435013635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.546552896 CEST50136443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.546601057 CEST4435013635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.546684027 CEST50136443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.547822952 CEST50142443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.547859907 CEST4435014235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.547939062 CEST50142443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.548166037 CEST50142443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:08.548187017 CEST4435014235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.938405991 CEST4435013935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.938530922 CEST50139443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.939141035 CEST4435014235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.939207077 CEST50142443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.949532986 CEST50139443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.949570894 CEST4435013935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.950331926 CEST4435013935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.951658010 CEST50139443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.951745033 CEST4435013935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.951829910 CEST50139443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.953726053 CEST50145443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.953777075 CEST4435014535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.955111980 CEST50145443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.959553003 CEST50145443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.959568977 CEST4435014535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.960791111 CEST50142443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.960803032 CEST4435014235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.961086988 CEST4435014235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.962019920 CEST50142443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.962055922 CEST4435014235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.962132931 CEST50142443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.962486982 CEST50146443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.962498903 CEST4435014635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.962555885 CEST50146443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.962738037 CEST50146443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.962749004 CEST4435014635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:10.860037088 CEST50146443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:10.864288092 CEST50149443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:10.864339113 CEST4435014935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:10.864437103 CEST50149443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:10.865245104 CEST50149443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:10.865257025 CEST4435014935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:10.907403946 CEST4435014635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:11.003736019 CEST4435014535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:11.003815889 CEST50145443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:11.005667925 CEST50145443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:11.005676031 CEST4435014535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:11.005939007 CEST4435014535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:11.008090973 CEST50145443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:11.008133888 CEST4435014535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:11.008188009 CEST50145443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:11.009308100 CEST50151443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:11.009368896 CEST4435015135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:11.009433985 CEST50151443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:11.009732008 CEST50151443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:18.688714027 CEST4435017535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:18.688872099 CEST50175443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:18.691955090 CEST50175443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:18.691970110 CEST4435017535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:18.695111036 CEST50176443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:18.695139885 CEST4435017635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:18.699198961 CEST50176443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:18.699537039 CEST50176443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:18.699549913 CEST4435017635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:18.833441019 CEST50175443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:18.875408888 CEST4435017535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.001204014 CEST50179443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.001252890 CEST4435017935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.001307964 CEST50179443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.001722097 CEST50179443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.001734972 CEST4435017935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.571453094 CEST4435017535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.571531057 CEST50175443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.571563005 CEST50175443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.810867071 CEST4435017635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.811113119 CEST50176443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.813194990 CEST50176443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.813210964 CEST4435017635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.813446999 CEST4435017635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.816765070 CEST50176443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.816806078 CEST4435017635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.816891909 CEST50176443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.819406033 CEST50180443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.819436073 CEST4435018035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.819817066 CEST50180443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.820271015 CEST50180443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:19.820290089 CEST4435018035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.173780918 CEST4435017935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.173938036 CEST50179443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.175937891 CEST50179443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.175961971 CEST4435017935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.176270008 CEST4435017935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.177423954 CEST50179443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.177704096 CEST4435017935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.177793980 CEST50179443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.764130116 CEST4435018035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.764337063 CEST50180443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.766922951 CEST50180443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.766932964 CEST4435018035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.767276049 CEST4435018035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.768697977 CEST50180443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.768767118 CEST4435018035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:20.768894911 CEST50180443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:21.063359022 CEST50185443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:21.063390017 CEST4435018535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:21.063460112 CEST50185443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:21.064207077 CEST50185443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:21.064219952 CEST4435018535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:21.065864086 CEST50186443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:21.065874100 CEST4435018635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:21.065959930 CEST50186443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:21.066251040 CEST50186443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:21.066261053 CEST4435018635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:21.911499977 CEST50185443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:21.959427118 CEST4435018535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:22.032428980 CEST50191443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:22.032480001 CEST4435019135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:22.032557964 CEST50191443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:22.033284903 CEST50191443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:22.033304930 CEST4435019135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:22.184233904 CEST50191443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:22.185475111 CEST50192443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:22.185544014 CEST4435019235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:22.185615063 CEST50192443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:22.185916901 CEST50192443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:27.828342915 CEST50210443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:27.829341888 CEST50214443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:27.829401016 CEST4435021435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:27.829679966 CEST50214443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:27.834429026 CEST50214443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:27.834461927 CEST4435021435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:27.875410080 CEST4435021035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:27.895590067 CEST4435021035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:27.895678043 CEST50210443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:27.895705938 CEST50210443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.195208073 CEST4435021135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.195278883 CEST50211443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.199507952 CEST50211443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.199537992 CEST4435021135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.199786901 CEST4435021135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.200855017 CEST50211443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.200894117 CEST4435021135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.201056004 CEST4435021135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.201091051 CEST50211443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.201107979 CEST50211443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.202255011 CEST50215443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.202297926 CEST4435021535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.202372074 CEST50215443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.202799082 CEST50215443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.202822924 CEST4435021535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.918759108 CEST50215443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.920742989 CEST50216443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.920792103 CEST4435021635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.920850992 CEST50216443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.921241045 CEST50216443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.921257973 CEST4435021635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:28.963398933 CEST4435021535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:29.136025906 CEST4435021435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:29.136106968 CEST50214443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:29.138057947 CEST50214443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:29.138072968 CEST4435021435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:29.138314962 CEST4435021435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:29.139734983 CEST50214443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:29.139789104 CEST4435021435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:29.139849901 CEST50214443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:29.272864103 CEST4435021535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:29.272929907 CEST50215443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:29.272948980 CEST50215443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.761926889 CEST4435021635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.762013912 CEST50216443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.840205908 CEST50216443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.840245962 CEST4435021635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.840696096 CEST4435021635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.841671944 CEST50216443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.841768980 CEST4435021635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.841845036 CEST50216443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.938059092 CEST50221443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.938114882 CEST4435022135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.938239098 CEST50221443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.945379972 CEST50221443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.945416927 CEST4435022135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.948132992 CEST50222443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.948149920 CEST4435022235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.948221922 CEST50222443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.948656082 CEST50222443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:30.948693037 CEST4435022235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:32.114077091 CEST4435022135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:32.114176989 CEST50221443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:32.115641117 CEST50221443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:32.115648031 CEST4435022135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:32.115910053 CEST4435022135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:32.116950035 CEST50221443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:32.117003918 CEST4435022135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:32.117160082 CEST4435022135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:32.117182970 CEST50221443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:40.130301952 CEST50249443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:40.130350113 CEST4435024935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:40.130510092 CEST4435024935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:40.130558014 CEST50249443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:40.131403923 CEST50249443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:41.829344988 CEST50254443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:41.829385996 CEST4435025435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:41.830382109 CEST50254443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:41.830382109 CEST50254443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:41.830420971 CEST4435025435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:41.834235907 CEST50255443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:41.834281921 CEST4435025535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:41.838140965 CEST50255443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:41.838726997 CEST50255443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:41.838737965 CEST4435025535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.757285118 CEST4435025435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.757469893 CEST50254443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.760548115 CEST50254443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.760565996 CEST4435025435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.760909081 CEST4435025435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.762036085 CEST50254443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.762094021 CEST4435025435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.762274027 CEST4435025435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.762351990 CEST50254443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.762351990 CEST50254443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.763597012 CEST50260443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.763647079 CEST4435026035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.764098883 CEST50260443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.764281034 CEST50260443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.764298916 CEST4435026035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.879915953 CEST4435025535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.880003929 CEST50255443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.881905079 CEST50255443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.881928921 CEST4435025535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.882225037 CEST4435025535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.883553982 CEST50255443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.883594990 CEST4435025535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.883660078 CEST50255443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.884730101 CEST50261443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.884769917 CEST4435026135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.884958982 CEST50261443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.885276079 CEST50261443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:42.885297060 CEST4435026135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.668674946 CEST4435026035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.668751955 CEST50260443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.671262980 CEST50260443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.671273947 CEST4435026035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.671633959 CEST4435026035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.673067093 CEST50260443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.673124075 CEST4435026035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.673181057 CEST50260443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.803127050 CEST4435026135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.803278923 CEST50261443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.805707932 CEST50261443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.805711985 CEST4435026135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.805948019 CEST4435026135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.808340073 CEST50261443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.808371067 CEST4435026135.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:43.808470964 CEST50261443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:45.782394886 CEST50268443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:45.782428980 CEST4435026835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:45.782738924 CEST50268443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:45.783404112 CEST50268443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:45.783418894 CEST4435026835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:45.785049915 CEST50269443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:45.785110950 CEST4435026935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:45.785157919 CEST50269443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:45.785451889 CEST50269443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:45.785466909 CEST4435026935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:46.688488007 CEST4435026835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.489047050 CEST50289443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.536003113 CEST4435029035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.536075115 CEST50290443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.538320065 CEST50290443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.538328886 CEST4435029035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.538559914 CEST4435029035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.539958954 CEST50290443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.540014982 CEST4435029035.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.540067911 CEST50290443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.608431101 CEST50296443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.608484983 CEST4435029635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.608786106 CEST50296443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.609334946 CEST50296443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:52.609354019 CEST4435029635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.160001040 CEST50298443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.160063982 CEST4435029835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.160156965 CEST50298443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.162641048 CEST50298443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.162657976 CEST4435029835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.630335093 CEST4435029635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.630503893 CEST50296443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.632091045 CEST50296443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.632102013 CEST4435029635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.632308960 CEST4435029635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.633335114 CEST50296443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.633371115 CEST4435029635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.633440971 CEST50296443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.635046959 CEST50299443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.635077953 CEST4435029935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.635209084 CEST50299443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.635469913 CEST50299443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:53.635487080 CEST4435029935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.074155092 CEST4435029835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.074238062 CEST50298443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.076046944 CEST50298443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.076061010 CEST4435029835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.076304913 CEST4435029835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.077408075 CEST50298443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.077442884 CEST4435029835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.077491999 CEST50298443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.676120996 CEST4435029935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.676204920 CEST50299443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.678638935 CEST50299443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.678651094 CEST4435029935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.678896904 CEST4435029935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.680233002 CEST50299443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.680267096 CEST4435029935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.680314064 CEST50299443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.682817936 CEST50302443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.682867050 CEST4435030235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.682924032 CEST50302443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.685336113 CEST50302443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:54.685347080 CEST4435030235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.586841106 CEST4435030235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.586920023 CEST50302443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.588716030 CEST50302443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.588726997 CEST4435030235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.588954926 CEST4435030235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.590224981 CEST50302443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.590261936 CEST4435030235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.590383053 CEST50302443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.590385914 CEST4435030235.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.590435982 CEST50302443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.962351084 CEST50304443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.962390900 CEST4435030435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.962445974 CEST50304443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.963469982 CEST50304443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.963485003 CEST4435030435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:56.895045996 CEST4435030435.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:56.895134926 CEST50304443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:10.469249964 CEST50325443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:10.469261885 CEST4435032535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:10.469630003 CEST50326443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:10.469640017 CEST4435032635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:10.469742060 CEST50326443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:10.469904900 CEST50326443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:10.469914913 CEST4435032635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.420701981 CEST4435032535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.422077894 CEST50325443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.422113895 CEST4435032535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.546667099 CEST4435032635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.548052073 CEST50326443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.548084974 CEST4435032635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.614280939 CEST4435032535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.614361048 CEST4435032535.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.614413023 CEST50325443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.614869118 CEST50325443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.740911961 CEST4435032635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.795691013 CEST50326443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.795717955 CEST4435032635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.796278954 CEST50326443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.796432972 CEST4435032635.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.796550035 CEST50326443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.797447920 CEST50328443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.797497988 CEST4435032835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.797561884 CEST50328443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.797945023 CEST50328443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.797962904 CEST4435032835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.798016071 CEST50329443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.798077106 CEST4435032935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.798142910 CEST50329443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.798312902 CEST50329443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:11.798321009 CEST4435032935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.703455925 CEST4435032835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.703617096 CEST50328443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.705332994 CEST50328443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.705343008 CEST4435032835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.705557108 CEST4435032835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.706423998 CEST50328443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.719492912 CEST4435032935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.719727993 CEST50329443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.720897913 CEST50329443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.720911026 CEST4435032935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.721149921 CEST4435032935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.722002983 CEST50329443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.751405001 CEST4435032835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.767409086 CEST4435032935.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.888503075 CEST4435032835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.888676882 CEST4435032835.157.63.228192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.888742924 CEST50328443192.168.2.635.157.63.228
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:22:12.889086008 CEST50328443192.168.2.635.157.63.228
Timestamp    Source Port    Dest Port    Source IP    Dest IP
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:27.749878883 CEST6201553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:33.829236031 CEST6099553192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:38.111888885 CEST5674253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:41.829348087 CEST6419253192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:49.002232075 CEST5542153192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.954232931 CEST5297353192.168.2.61.1.1.1
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.961611986 CEST53529731.1.1.1192.168.2.6
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:56.250017881 CEST6141953192.168.2.61.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:04.114043951 CEST1.1.1.1192.168.2.60x7565No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:06.443500996 CEST1.1.1.1192.168.2.60x77dfNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:16.144083977 CEST1.1.1.1192.168.2.60x8236No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:20.619421959 CEST1.1.1.1192.168.2.60xa7a0No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:21.345061064 CEST1.1.1.1192.168.2.60x960fNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:28.544667006 CEST1.1.1.1192.168.2.60x49cbNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:37.443773031 CEST1.1.1.1192.168.2.60x2346No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:43.543761015 CEST1.1.1.1192.168.2.60x9bfeNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:20:53.570723057 CEST1.1.1.1192.168.2.60xc41No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:03.484533072 CEST1.1.1.1192.168.2.60xfb38No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:07.331716061 CEST1.1.1.1192.168.2.60xbe78No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:09.762629986 CEST1.1.1.1192.168.2.60x914dNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:17.794456959 CEST1.1.1.1192.168.2.60x4c78No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:27.757411003 CEST1.1.1.1192.168.2.60xfac4No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:33.837402105 CEST1.1.1.1192.168.2.60xef97No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:38.119108915 CEST1.1.1.1192.168.2.60xc54eNo error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:41.837296009 CEST1.1.1.1192.168.2.60x52c6No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:49.009814978 CEST1.1.1.1192.168.2.60x1099No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.961611986 CEST1.1.1.1192.168.2.60x3ffcNo error (0)ps.pndsn.com35.157.63.228A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:55.961611986 CEST1.1.1.1192.168.2.60x3ffcNo error (0)ps.pndsn.com35.157.63.229A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                Oct 2, 2024 19:21:56.279074907 CEST1.1.1.1192.168.2.60xaed4No error (0)agent-api.atera.comagentsapi.trafficmanager.netCNAME (Canonical name)IN (0x0001)false
• ps.pndsn.com
• ps.atera.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.6 | 49724 | 35.157.63.229 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:18:18 UTC | 364 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f36f539c-eb12-4043-bfe7-1d97ad63c39f&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
Connection: Keep-Alive
2024-10-02 17:18:18 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:18:18 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:18:18 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 34 39 38 37 36 37 37 32 33 37 22 2c 22 72 22 3a 34 33 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17278894987677237","r":43},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.6 | 49722 | 35.157.63.229 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:18:18 UTC | 183 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=aba03e32-f581-41ec-8949-2ce94c13458d&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
Connection: Keep-Alive
2024-10-02 17:18:18 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:18:18 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:18:18 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 34 39 38 38 37 30 36 33 35 34 5d
Data Ascii: [17278894988706354]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.6 | 49729 | 35.157.63.229 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:18:20 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=00b247cc-4cad-4ea9-8d05-ff45cdabe262&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:18:20 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:18:20 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:18:20 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 30 30 30 39 39 34 33 39 30 5d
Data Ascii: [17278895000994390]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.6 | 49730 | 35.157.63.229 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:18:20 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=380907e5-e0c8-46fb-b9fe-40434342a790&tr=43&tt=17278894987677237&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:18:20 UTC | 237 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:18:20 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1874
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:18:20 UTC | 1874 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 35 30 30 34 37 37 38 36 33 37 22 2c 22 72 22 3a 34 33 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 30 64 63 37 66 37 62 35 2d 33 64 31 30 2d 34 39 38 31 2d 61 39 65 65 2d 36 35 61 64 62 35 35 38 36 38 33 61 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 35 30 30 34 37 37 38 36 33 37 22 2c 22 72 22 3a 34 33 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 39 35 32 33 30 62 37 38 2d 30 62 30 39 2d 34 30 32 36 2d 61 37 63 35 2d 35 66 65 34 63 39 64 31 35 62 34 63 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 31 37 32 64 35 35 30
Data Ascii: {"t":{"t":"17278895004778637","r":43},"m":[{"a":"2","f":0,"i":"0dc7f7b5-3d10-4981-a9ee-65adb558683a","p":{"t":"17278895004778637","r":43},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"95230b78-0b09-4026-a7c5-5fe4c9d15b4c","d":{"CommandId":"172d550


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.6 | 49734 | 13.35.58.104 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:18:21 UTC | 212 | OUT | GET /agentpackagesnet45/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation.zip?YogP9MrjNBNw2GANg1/E2mNsxFRMZBpkwPo+uNw+rhA/Nn2PbobOffT76+uvaJwT HTTP/1.1
Host: ps.atera.com
Connection: Keep-Alive


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.6 | 49732 | 35.157.63.229 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:18:21 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d393e12b-59f9-4e9a-bc9e-906a9df5d4e6&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:18:22 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:18:21 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:18:22 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 30 31 39 34 36 36 32 37 37 5d
Data Ascii: [17278895019466277]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.6 | 49733 | 35.157.63.229 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:18:21 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=6d801375-a995-437f-bb39-2b768a2ffc35&tr=43&tt=17278895004778637&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:18:22 UTC | 237 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:18:22 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1864
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:18:22 UTC | 1864 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 35 30 30 36 34 37 35 35 31 34 22 2c 22 72 22 3a 34 33 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 62 30 63 32 34 39 30 31 2d 65 37 37 61 2d 34 30 61 66 2d 39 65 36 65 2d 32 36 64 33 39 35 63 66 66 36 39 34 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 35 30 30 36 34 37 35 35 31 34 22 2c 22 72 22 3a 34 31 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 39 35 32 33 30 62 37 38 2d 30 62 30 39 2d 34 30 32 36 2d 61 37 63 35 2d 35 66 65 34 63 39 64 31 35 62 34 63 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 35 32 33 32 66 32 37
Data Ascii: {"t":{"t":"17278895006475514","r":43},"m":[{"a":"2","f":0,"i":"b0c24901-e77a-40af-9e6e-26d395cff694","p":{"t":"17278895006475514","r":41},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"95230b78-0b09-4026-a7c5-5fe4c9d15b4c","d":{"CommandId":"5232f27


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.6 | 49738 | 35.157.63.229 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:18:23 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52c8216d-05cf-454c-a953-97630402804f&tr=43&tt=17278895006475514&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.6 | 49737 | 35.157.63.229 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:18:23 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=ea22bbfe-080d-4cf3-a894-9d96c46b6665&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:18:23 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:18:23 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:18:23 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 30 33 34 36 37 38 33 30 30 5d
Data Ascii: [17278895034678300]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.6 | 49739 | 13.35.58.104 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:18:27 UTC | 212 | OUT | GET /agentpackagesnet45/AgentPackageAgentInformation/37.9/AgentPackageAgentInformation.zip?YogP9MrjNBNw2GANg1/E2mNsxFRMZBpkwPo+uNw+rhA/Nn2PbobOffT76+uvaJwT HTTP/1.1
    Host: ps.atera.com
    Connection: Keep-Alive
2024-10-02 17:18:27 UTC | 672 | IN | HTTP/1.1 200 OK
    Content-Type: application/octet-stream
    Content-Length: 384543
    Connection: close
    Content-MD5: PJOzmbQXsNaiMtOG5lqLRg==
    Last-Modified: Sun, 29 Sep 2024 08:51:39 GMT
    Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
    x-ms-request-id: 11f6d524-601e-0009-184d-123819000000
    x-ms-version: 2009-09-19
    x-ms-lease-status: unlocked
    x-ms-blob-type: BlockBlob
    Date: Wed, 02 Oct 2024 08:55:00 GMT
    ETag: 0x8DCE063EEA63683
    Vary: Accept-Encoding
    X-Cache: Hit from cloudfront
    Via: 1.1 503c2bd0b7e26f747c58a5188346ef54.cloudfront.net (CloudFront)
    X-Amz-Cf-Pop: FRA60-P10
    X-Amz-Cf-Id: _55sizfH1fPMeNrZKDHX0idj0aI8tSHXW6oGZjSfIBBxeURiUHTN6Q==
    Age: 48246


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.6 | 49747 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:08 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=1a4a5d4f-5b09-4fad-801d-892636c9dc6a&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
    Host: ps.pndsn.com
2024-10-02 17:19:08 UTC | 168 | IN | HTTP/1.1 200 OK
    Date: Wed, 02 Oct 2024 17:19:08 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: close
    Content-Length: 19
    Cache-Control: no-cache
2024-10-02 17:19:08 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 34 38 32 33 36 38 34 34 30 5d
    Data Ascii: [17278895482368440]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.6 | 49748 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:09 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=c5ea83a9-6787-461b-8a54-7de49826b09e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
2024-10-02 17:19:09 UTC | 305 | IN | HTTP/1.1 200 OK
    Date: Wed, 02 Oct 2024 17:19:09 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 55
    Connection: close
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                                                                                                                                                                                                                                                                                Age: 0
                                                                                                                                                                                                                                                                                                                                                Server: Pubnub Presence
                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                2024-10-02 17:19:09 UTC55INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.6 | 49752 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:25 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=db56a22c-5f27-4d90-bb5f-c1c03b70a2f0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:25 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:25 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:19:25 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.6 | 49753 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:25 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c3db43af-b183-4a52-8bab-34b9b35414fc&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:19:25 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:25 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:19:25 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 36 35 36 31 32 38 33 33 31 5d
Data Ascii: [17278895656128331]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.6 | 49755 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:26 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9cb48613-11df-4d8d-bc5c-fa5e5ab558d5&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:26 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:26 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:19:26 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 35 30 30 36 34 37 35 35 31 34 22 2c 22 72 22 3a 34 32 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17278895006475514","r":42},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.6 | 49757 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:27 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e6d10987-75b3-41c1-a771-6d1daf1f7e97&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:19:27 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:27 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:19:27 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 36 37 39 30 34 35 38 33 39 5d
Data Ascii: [17278895679045839]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.6 | 49760 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:28 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=bf8cfa76-7e1e-40bc-8430-cbc98e2b9cf4&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:28 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:28 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:19:28 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
17 | 192.168.2.6 | 49764 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:29 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=74bc8fec-f7c7-42f9-bbb5-52fc69f7a991&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:29 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:29 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:19:29 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
18 | 192.168.2.6 | 49767 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:31 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=bca747a8-f8aa-4561-b240-83faa7e7e63d&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:31 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:31 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:19:31 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 35 37 30 34 31 35 34 34 30 30 22 2c 22 72 22 3a 34 32 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17278895704154400","r":42},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
19 | 192.168.2.6 | 49765 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:31 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=6728aeeb-ea10-4200-b8f3-dc55e64f1910&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:19:31 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:31 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:19:31 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 37 31 32 37 30 33 34 34 30 5d
Data Ascii: [17278895712703440]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
20 | 192.168.2.6 | 49768 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:32 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=396ed718-c52f-4436-be61-3047cc7c4a72&tr=42&tt=17278895704154400&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:32 UTC | 237 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:32 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1859
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:19:32 UTC | 1859 | IN | Data Ascii: {"t":{"t":"17278895727657695","r":42},"m":[{"a":"2","f":0,"i":"bf764929-ede6-4773-b14e-ca81db3d09e7","p":{"t":"17278895727657695","r":42},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"95230b78-0b09-4026-a7c5-5fe4c9d15b4c","d":{"CommandId":"63fd820


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
21 | 192.168.2.6 | 49773 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:33 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=851fda1c-40e7-4860-a1ac-7bad32d44904&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
    Host: ps.pndsn.com
2024-10-02 17:19:33 UTC | 168 | IN | HTTP/1.1 200 OK
    Date: Wed, 02 Oct 2024 17:19:33 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: close
    Content-Length: 19
    Cache-Control: no-cache
2024-10-02 17:19:33 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 37 33 38 36 37 36 35 34 35 5d
    Data Ascii: [17278895738676545]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
22 | 192.168.2.6 | 49774 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:33 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=4f87737f-1b62-4af8-b79d-0d83dea7e1ad&tr=42&tt=17278895727657695&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
23 | 192.168.2.6 | 49781 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:41 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d5643216-616f-4378-8575-222d8fa4f458&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
    Host: ps.pndsn.com
2024-10-02 17:19:41 UTC | 168 | IN | HTTP/1.1 200 OK
    Date: Wed, 02 Oct 2024 17:19:41 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: close
    Content-Length: 19
    Cache-Control: no-cache
2024-10-02 17:19:41 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 38 31 31 32 31 37 36 38 37 5d
    Data Ascii: [17278895811217687]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
24 | 192.168.2.6 | 49785 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:42 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8a4128bc-8a19-4909-a1e6-b35d010bab34&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
2024-10-02 17:19:42 UTC | 305 | IN | HTTP/1.1 200 OK
    Date: Wed, 02 Oct 2024 17:19:42 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Content-Length: 55
    Connection: close
    Access-Control-Allow-Origin: *
    Access-Control-Allow-Methods: OPTIONS, GET, POST
    Age: 0
    Server: Pubnub Presence
    Cache-Control: no-cache
    Accept-Ranges: bytes
2024-10-02 17:19:42 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
    Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
25 | 192.168.2.6 | 49786 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:42 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0b04195d-e261-4ae6-9124-2e9ef139c80e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
    Host: ps.pndsn.com
2024-10-02 17:19:42 UTC | 168 | IN | HTTP/1.1 200 OK
    Date: Wed, 02 Oct 2024 17:19:42 GMT
    Content-Type: text/javascript; charset="UTF-8"
    Connection: close
    Content-Length: 19
    Cache-Control: no-cache
2024-10-02 17:19:42 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 38 32 34 35 38 36 38 33 39 5d
    Data Ascii: [17278895824586839]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
26 | 192.168.2.6 | 49791 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:43 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=16f10dd5-c904-4ca2-9553-772cf48281d3&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
    Cache-Control: no-cache
    Pragma: no-cache
    Content-Type: application/json
    Host: ps.pndsn.com
2024-10-02 17:19:43 UTC | 305 | IN | HTTP/1.1 200 OK
    Date: Wed, 02 Oct 2024 17:19:43 GMT
    Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                                                Content-Length: 55
                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                                                                                                                                                                                                                                                                                Age: 1
                                                                                                                                                                                                                                                                                                                                                Server: Pubnub Presence
                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                2024-10-02 17:19:43 UTC55INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
27 | 192.168.2.6 | 49792 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:43 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8ad3dbb8-dc1b-4e34-9cfd-9bde8068a524&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:43 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:43 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:19:43 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
28 | 192.168.2.6 | 49795 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:44 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=bb15c2cd-6944-449d-a45c-725c69499a75&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:44 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:44 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:19:44 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
29 | 192.168.2.6 | 49797 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:44 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=52378df9-3005-41cc-99a3-005f1aea746b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:45 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:44 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 2
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:19:45 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
30 | 192.168.2.6 | 49801 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:45 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0e034632-921f-4c18-8631-e930e7781cdd&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:19:46 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:46 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:19:46 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 38 36 30 31 30 34 36 30 39 5d
Data Ascii: [17278895860104609]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
31 | 192.168.2.6 | 49803 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:46 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f72e8789-8756-4d61-b645-903501079ede&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:46 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:46 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:19:46 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 35 37 32 37 36 35 37 36 39 35 22 2c 22 72 22 3a 34 32 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17278895727657695","r":42},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
32 | 192.168.2.6 | 49804 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:47 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=82e1c4c5-92aa-4a47-9b1c-e11c9784fe8f&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:47 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:47 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 2
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:19:47 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
33 | 192.168.2.6 | 49807 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:47 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=efbebcfb-7bb3-43e2-b11d-755acc1cb2ea&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:19:47 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:47 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:19:47 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 38 37 34 32 33 34 34 31 35 5d
Data Ascii: [17278895874234415]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
34 | 192.168.2.6 | 49810 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:48 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=008faf90-ab1c-4899-89f6-2dbcd7a42fd9&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:48 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:48 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:19:48 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
35 | 192.168.2.6 | 49811 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:49 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=ca02cb15-9afc-4f4c-87ba-02c0d5b8b22e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:49 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:49 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:19:49 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
36 | 192.168.2.6 | 49815 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:50 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=79289950-7a17-428a-947f-ec76be2af615&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:50 UTC | 306 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:50 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 21
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:19:50 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
37 | 192.168.2.6 | 49816 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:51 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7550efe2-9858-4f29-a8d7-d203f10abde8&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:19:51 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:51 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:19:51 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 39 31 31 37 33 33 38 38 32 5d
Data Ascii: [17278895911733882]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
38 | 192.168.2.6 | 49822 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:51 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=a8e97ced-6d99-4374-ba29-94890053de07&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:51 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:51 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:19:51 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 35 38 38 33 37 36 39 36 38 32 22 2c 22 72 22 3a 34 32 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17278895883769682","r":42},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
39 | 192.168.2.6 | 49827 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:52 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=00b37824-93b6-4d7a-b2dc-353b2c5821b2&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:52 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:52 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                                                                                                                                                                                                                                                                                Age: 0
                                                                                                                                                                                                                                                                                                                                                Server: Pubnub Presence
                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                                                                                                                                                2024-10-02 17:19:52 UTC74INData Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
40 | 192.168.2.6 | 49828 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:52 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fe9a9b1c-a39b-458e-8a93-5d2da71a97cf&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:19:53 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:52 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:19:53 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 39 32 39 34 34 32 31 34 31 5d
Data Ascii: [17278895929442141]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
41 | 192.168.2.6 | 49833 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:53 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=1d9a933c-b5be-47b9-a98d-bd9c82ae0d0b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:54 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:54 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:19:54 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
42 | 192.168.2.6 | 49837 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:55 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=3676162b-6928-4fd8-b93b-5b9fd57a4bc9&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:55 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:55 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 2
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:19:55 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
43 | 192.168.2.6 | 49836 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe

Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:55 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=14dba20c-b22d-4871-8f59-85d736c9c8d6&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:55 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:55 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:19:55 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 35 39 34 31 35 35 35 36 37 30 22 2c 22 72 22 3a 34 32 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17278895941555670","r":42},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
44 | 192.168.2.6 | 49841 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:56 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f1324944-3eb5-4603-b606-61bac33d279e&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:56 UTC | 306 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:56 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 27
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:19:56 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
45 | 192.168.2.6 | 49843 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:56 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=c36b9e71-cfbf-49fb-af12-137d82096f5b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:19:56 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:56 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:19:56 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 39 36 36 33 31 32 33 33 34 5d
Data Ascii: [17278895966312334]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
46 | 192.168.2.6 | 49847 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:57 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=249c43d7-88d8-467f-9b13-1cfc96512eed&tr=42&tt=17278895941555670&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:19:57 UTC | 237 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:57 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 1884
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:19:57 UTC | 1884 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 35 39 37 31 36 31 31 33 33 35 22 2c 22 72 22 3a 34 32 7d 2c 22 6d 22 3a 5b 7b 22 61 22 3a 22 32 22 2c 22 66 22 3a 30 2c 22 69 22 3a 22 62 30 63 32 34 39 30 31 2d 65 37 37 61 2d 34 30 61 66 2d 39 65 36 65 2d 32 36 64 33 39 35 63 66 66 36 39 34 22 2c 22 70 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 35 39 37 31 36 31 31 33 33 35 22 2c 22 72 22 3a 34 32 7d 2c 22 6b 22 3a 22 73 75 62 2d 63 2d 61 30 32 63 65 63 61 38 2d 61 39 35 38 2d 31 31 65 35 2d 62 64 38 63 2d 30 36 31 39 66 38 39 34 35 61 34 66 22 2c 22 63 22 3a 22 39 35 32 33 30 62 37 38 2d 30 62 30 39 2d 34 30 32 36 2d 61 37 63 35 2d 35 66 65 34 63 39 64 31 35 62 34 63 22 2c 22 64 22 3a 7b 22 43 6f 6d 6d 61 6e 64 49 64 22 3a 22 37 32 62 39 37 38 34
Data Ascii: {"t":{"t":"17278895971611335","r":42},"m":[{"a":"2","f":0,"i":"b0c24901-e77a-40af-9e6e-26d395cff694","p":{"t":"17278895971611335","r":42},"k":"sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f","c":"95230b78-0b09-4026-a7c5-5fe4c9d15b4c","d":{"CommandId":"72b9784


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
47 | 192.168.2.6 | 49855 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:58 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f8bbbde1-132d-4c8b-a3f7-92801d85c6f6&tr=42&tt=17278895971611335&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
48 | 192.168.2.6 | 49854 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:19:58 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fa8df594-b53d-487d-a304-ba12fa5b05b3&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:19:59 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:19:58 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:19:59 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 35 39 38 38 36 36 35 32 37 32 5d
Data Ascii: [17278895988665272]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
49 | 192.168.2.6 | 49863 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:01 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e051bd32-0461-46bc-8f46-18bc35b67f58&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:20:01 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:01 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:20:01 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 36 30 31 35 39 39 33 34 33 34 5d
Data Ascii: [17278896015993434]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
50 | 192.168.2.6 | 49862 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:01 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5d17a2da-332b-4264-ba43-80ed873a75d5&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:20:01 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:01 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:20:01 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
51 | 192.168.2.6 | 49872 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:03 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=d54a26d4-9bd6-42e4-80a6-a4a4e3ba5c02&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:20:03 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:03 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:20:03 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 36 30 33 33 32 36 36 37 38 39 5d
Data Ascii: [17278896033266789]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
52 | 192.168.2.6 | 49876 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:03 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=526a1f2f-a5ab-4bde-a18e-298b4847f820&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:20:04 UTC | 306 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:04 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 21
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:20:04 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
53 | 192.168.2.6 | 49879 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:04 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0f2d6a2a-9340-4424-a547-559400fd8463&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:20:05 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:04 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:20:05 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 36 30 34 39 33 37 30 38 35 36 5d
Data Ascii: [17278896049370856]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
54 | 192.168.2.6 | 49883 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:05 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d8afe7cc-9cec-4ac9-a211-a601f770ea27&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:20:05 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:05 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:20:05 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 35 39 37 31 36 31 31 33 33 35 22 2c 22 72 22 3a 34 32 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17278895971611335","r":42},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
55 | 192.168.2.6 | 49885 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:06 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=0b7b885a-94d1-4d36-95b0-fc7e6fc59620&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:20:06 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:06 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:20:06 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 35 39 37 31 36 31 31 33 33 35 22 2c 22 72 22 3a 34 32 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17278895971611335","r":42},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
56 | 192.168.2.6 | 49889 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:06 UTC | 354 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/leave?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=cf3cae32-92fb-4e81-9496-f8af61b2fa4a&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:20:06 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:06 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 74
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:20:06 UTC | 74 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 61 63 74 69 6f 6e 22 3a 20 22 6c 65 61 76 65 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "action": "leave", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
57 | 192.168.2.6 | 49893 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:07 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=8e131c63-2299-4880-a366-a776a97dd0d3&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:20:07 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:07 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:20:07 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 36 30 37 36 33 34 32 38 36 33 5d
Data Ascii: [17278896076342863]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
58 | 192.168.2.6 | 49901 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:08 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=51f162c7-d222-4991-a832-8f92cc099f2b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:20:09 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:08 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:20:09 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 36 30 38 39 32 36 35 32 35 33 5d
Data Ascii: [17278896089265253]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
59 | 192.168.2.6 | 49900 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:08 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=e081e7e0-a9d2-4109-9370-9c9c176afebd&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:20:09 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:09 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:20:09 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
60 | 192.168.2.6 | 49909 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:10 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=9971de24-c245-46f4-9d3f-d02f38f0d7af&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:20:11 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:10 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 1
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:20:11 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
61 | 192.168.2.6 | 49908 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:10 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=587dc040-7dcb-4e3f-a1ce-624d9532bced&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:20:11 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:11 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:20:11 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 36 31 31 30 36 30 31 31 33 30 5d
Data Ascii: [17278896110601130]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
62 | 192.168.2.6 | 49923 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:13 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=0057edd1-fdd5-48b9-8810-4c380add5c94&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:20:13 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:13 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:20:13 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 36 31 33 32 30 38 38 30 32 37 5d
Data Ascii: [17278896132088027]


                                                                                                                                                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                63192.168.2.64992735.157.63.2284432404C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                2024-10-02 17:20:13 UTC358OUTGET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=d861a120-c366-48a0-bdd6-393525d9ab24&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                Host: ps.pndsn.com
                                                                                                                                                                                                                                                                                                                                                2024-10-02 17:20:13 UTC305INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                Date: Wed, 02 Oct 2024 17:20:13 GMT
                                                                                                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                                                Content-Length: 55
                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                                                                                                                                                                                                                                                                                Age: 0
                                                                                                                                                                                                                                                                                                                                                Server: Pubnub Presence
                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-02 17:20:13 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
64 | 192.168.2.6 | 49932 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:14 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=fe4dc753-76d3-47b1-b870-ca18c7257e67&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                Host: ps.pndsn.com
2024-10-02 17:20:14 UTC | 168 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                Date: Wed, 02 Oct 2024 17:20:14 GMT
                                                                                                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                Content-Length: 19
                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-02 17:20:14 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 36 31 34 34 34 32 38 33 33 38 5d
                                                                                                                                                                                                                                                                                                                                                Data Ascii: [17278896144428338]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
65 | 192.168.2.6 | 49934 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:16 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=5c45c37a-efc4-492f-83b1-e18abf8aff03&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                Host: ps.pndsn.com
2024-10-02 17:20:16 UTC | 305 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                Date: Wed, 02 Oct 2024 17:20:16 GMT
                                                                                                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                                                Content-Length: 55
                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: OPTIONS, GET, POST
                                                                                                                                                                                                                                                                                                                                                Age: 7
                                                                                                                                                                                                                                                                                                                                                Server: Pubnub Presence
                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                Accept-Ranges: bytes
2024-10-02 17:20:16 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
66 | 192.168.2.6 | 49946 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:17 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f2d0a29d-70d7-43cd-8021-6401d6433d4a&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                Host: ps.pndsn.com
2024-10-02 17:20:17 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                Date: Wed, 02 Oct 2024 17:20:17 GMT
                                                                                                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                                                Content-Length: 45
                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET
2024-10-02 17:20:17 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 36 30 38 33 33 33 39 38 34 36 22 2c 22 72 22 3a 34 32 7d 2c 22 6d 22 3a 5b 5d 7d
                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"t":{"t":"17278896083339846","r":42},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
67 | 192.168.2.6 | 49943 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:17 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=33567a39-1018-4253-b589-cca2355f89b1&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                Host: ps.pndsn.com
2024-10-02 17:20:17 UTC | 168 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                Date: Wed, 02 Oct 2024 17:20:17 GMT
                                                                                                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                Content-Length: 19
                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
2024-10-02 17:20:17 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 36 31 37 35 38 32 31 33 34 32 5d
                                                                                                                                                                                                                                                                                                                                                Data Ascii: [17278896175821342]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
68 | 192.168.2.6 | 49948 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:18 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=2e5bb07e-44ac-4f12-8635-048ca789db44&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                                                                                                                                                Host: ps.pndsn.com
2024-10-02 17:20:18 UTC | 235 | IN | HTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                Date: Wed, 02 Oct 2024 17:20:18 GMT
                                                                                                                                                                                                                                                                                                                                                Content-Type: text/javascript; charset="UTF-8"
                                                                                                                                                                                                                                                                                                                                                Content-Length: 45
                                                                                                                                                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                                                                                                                                                Access-Control-Allow-Methods: GET
                                                                                                                                                                                                                                                                                                                                                2024-10-02 17:20:18 UTC45INData Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 36 30 38 33 33 33 39 38 34 36 22 2c 22 72 22 3a 34 32 7d 2c 22 6d 22 3a 5b 5d 7d
                                                                                                                                                                                                                                                                                                                                                Data Ascii: {"t":{"t":"17278896083339846","r":42},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
69 | 192.168.2.6 | 49951 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:18 UTC | 358 | OUT | GET /v2/presence/sub_key/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/channel/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/heartbeat?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=41fc8591-dd69-4f5b-a48c-932e4462c851&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:20:18 UTC | 305 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:18 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 55
Connection: close
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: OPTIONS, GET, POST
Age: 0
Server: Pubnub Presence
Cache-Control: no-cache
Accept-Ranges: bytes
2024-10-02 17:20:18 UTC | 55 | IN | Data Raw: 7b 22 73 74 61 74 75 73 22 3a 20 32 30 30 2c 20 22 6d 65 73 73 61 67 65 22 3a 20 22 4f 4b 22 2c 20 22 73 65 72 76 69 63 65 22 3a 20 22 50 72 65 73 65 6e 63 65 22 7d
Data Ascii: {"status": 200, "message": "OK", "service": "Presence"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
70 | 192.168.2.6 | 49953 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:19 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=12b69d45-e208-429e-a1ba-7a4685b8d33f&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:20:19 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:19 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:20:19 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 36 31 39 37 34 38 31 34 32 38 5d
Data Ascii: [17278896197481428]


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
71 | 192.168.2.6 | 49955 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:19 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=165e6729-6dc8-407f-96f8-476143fe89f4&tr=42&tt=17278896083339846&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:21:06 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:21:06 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:21:06 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 36 30 38 33 33 33 39 38 34 36 22 2c 22 72 22 3a 34 32 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17278896083339846","r":42},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
72 | 192.168.2.6 | 49962 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:20 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=f1517159-0a09-4cba-8a1d-213d326612aa&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:20:20 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:20 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:20:20 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 36 30 38 33 33 33 39 38 34 36 22 2c 22 72 22 3a 34 32 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17278896083339846","r":42},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
73 | 192.168.2.6 | 49965 | 35.157.63.228 | 443 | 2404 | C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:20:21 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=cd5dc503-93f3-49c6-a09d-9a7cb6289240&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:20:22 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:20:21 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                2024-10-02 17:20:22 UTC19INData Raw: 5b 31 37 32 37 38 38 39 36 32 31 39 38 37 37 33 38 36 5d
                                                                                                                                                                                                                                                                                                                                                Data Ascii: [17278896219877386]


Session ID | Source IP | Source Port | Destination IP | Destination Port
74 | 192.168.2.6 | 50322 | 35.157.63.228 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:22:09 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=e5a45665-f96e-48ac-9e65-cc9a23f1c43b&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:22:09 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:22:09 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:22:09 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 37 32 39 35 35 31 30 36 35 33 5d
Data Ascii: [17278897295510653]


Session ID | Source IP | Source Port | Destination IP | Destination Port
75 | 192.168.2.6 | 50325 | 35.157.63.228 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:22:11 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=7d1d3776-a9ff-4157-bb82-b018697910e8&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:22:11 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:22:11 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:22:11 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 37 33 31 35 31 34 35 33 35 38 5d
Data Ascii: [17278897315145358]


Session ID | Source IP | Source Port | Destination IP | Destination Port
76 | 192.168.2.6 | 50326 | 35.157.63.228 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:22:11 UTC | 340 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=61259368-8a2d-4297-b191-f4a387ad4f8f&tt=0&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com
2024-10-02 17:22:11 UTC | 235 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:22:11 GMT
Content-Type: text/javascript; charset="UTF-8"
Content-Length: 45
Connection: close
Cache-Control: no-cache
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
2024-10-02 17:22:11 UTC | 45 | IN | Data Raw: 7b 22 74 22 3a 7b 22 74 22 3a 22 31 37 32 37 38 38 39 36 30 38 33 33 33 39 38 34 36 22 2c 22 72 22 3a 34 32 7d 2c 22 6d 22 3a 5b 5d 7d
Data Ascii: {"t":{"t":"17278896083339846","r":42},"m":[]}


Session ID | Source IP | Source Port | Destination IP | Destination Port
77 | 192.168.2.6 | 50328 | 35.157.63.228 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:22:12 UTC | 159 | OUT | GET /time/0?pnsdk=NET45CSharp6.13.0.0&requestid=4f5157e7-f4c6-446f-92dd-afae16e89968&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Host: ps.pndsn.com
2024-10-02 17:22:12 UTC | 168 | IN | HTTP/1.1 200 OK
Date: Wed, 02 Oct 2024 17:22:12 GMT
Content-Type: text/javascript; charset="UTF-8"
Connection: close
Content-Length: 19
Cache-Control: no-cache
2024-10-02 17:22:12 UTC | 19 | IN | Data Raw: 5b 31 37 32 37 38 38 39 37 33 32 37 39 34 34 35 34 36 5d
Data Ascii: [17278897327944546]


Session ID | Source IP | Source Port | Destination IP | Destination Port
78 | 192.168.2.6 | 50329 | 35.157.63.228 | 443
Timestamp | Bytes transferred | Direction | Data
2024-10-02 17:22:12 UTC | 362 | OUT | GET /v2/subscribe/sub-c-a02ceca8-a958-11e5-bd8c-0619f8945a4f/95230b78-0b09-4026-a7c5-5fe4c9d15b4c/0?heartbeat=93&pnsdk=NET45CSharp6.13.0.0&requestid=8180b6be-ed13-47f3-8b34-1428ceb5eb37&tr=42&tt=17278896083339846&uuid=95230b78-0b09-4026-a7c5-5fe4c9d15b4c HTTP/1.1
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json
Host: ps.pndsn.com


Target ID:0
Start time:13:18:00
Start date:02/10/2024
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:"C:\Windows\System32\msiexec.exe" /i "C:\Users\user\Desktop\9rSeCZbjZE.msi"
Imagebase:0x7ff6f6040000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
                                                                                                                                                                                                                                                                                                                                                Has exited:true

Target ID:2
Start time:13:18:00
Start date:02/10/2024
Path:C:\Windows\System32\msiexec.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\msiexec.exe /V
Imagebase:0x7ff6f6040000
File size:69'632 bytes
MD5 hash:E5DA170027542E25EDE42FC54C929077
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:3
Start time:13:18:01
Start date:02/10/2024
Path:C:\Windows\SysWOW64\msiexec.exe
Wow64 process (32bit):true
Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 91E370BBCC1D3B173FA78F8D350BDC0E
Imagebase:0x890000
File size:59'904 bytes
MD5 hash:9D09DC1EDA745A5F87553048E57620CF
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:13:18:01
Start date:02/10/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSI8AD6.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6786046 2 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.GenerateAgentId
Imagebase:0x580000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000004.00000003.2145704087.0000000004049000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:5
Start time:13:18:03
Start date:02/10/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSI90F1.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6787359 6 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiStart
Imagebase:0x580000
File size:61'440 bytes
MD5 hash:889B99C52A60DD49227C5E485A016679
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000002.2196990122.00000000046E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000003.2155159559.00000000044FD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000005.00000002.2196990122.0000000004784000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation:high
Has exited:true

Target ID:6
Start time:13:18:04
Start date:02/10/2024
Path:C:\Windows\System32\svchost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\System32\svchost.exe -k LocalService -p -s LicenseManager
Imagebase:0x7ff7403e0000
File size:55'320 bytes
MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
Has elevated privileges:true
Has administrator privileges:false
Programmed in:C, C++ or other language
Reputation:high
Has exited:false

Target ID:8
Start time:13:18:07
Start date:02/10/2024
Path:C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):true
Commandline:rundll32.exe "C:\Windows\Installer\MSIA257.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6791812 11 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ShouldContinueInstallation
Imagebase:0x580000
File size:61'440 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000008.00000003.2199879729.0000000004224000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:09
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\msiexec.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\syswow64\MsiExec.exe -Embedding 94F3C551036B6C48A24EF7F120DCA15A E Global\MSI0000
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x890000
                                                                                                                                                                                                                                                                                                                                                File size:59'904 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:9D09DC1EDA745A5F87553048E57620CF
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:09
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\net.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                Commandline:"NET" STOP AteraAgent
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x6a0000
                                                                                                                                                                                                                                                                                                                                                File size:47'104 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:31890A7DE89936F922D44D677F681A7F
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:09
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:09
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\net1.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\net1 STOP AteraAgent
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x8a0000
                                                                                                                                                                                                                                                                                                                                                File size:139'776 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:2EFE6ED4C294AB8A39EB59C80813FEC1
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:09
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                Commandline:"TaskKill.exe" /f /im AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                Imagebase:0xaf0000
                                                                                                                                                                                                                                                                                                                                                File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:09
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:15
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:10
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe" /i /IntegratorLogin="Moshe@nlc.co.il" /CompanyId="1" /IntegratorLoginUI="" /CompanyIdUI="" /FolderId="" /AccountId="001Q300000MFxEPIA1" /AgentId="95230b78-0b09-4026-a7c5-5fe4c9d15b4c"
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x227f6790000
                                                                                                                                                                                                                                                                                                                                                File size:145'968 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                                                                                                                • Detection: 26%, ReversingLabs
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:16
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:13
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\AteraAgent.exe"
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x29a8f7c0000
                                                                                                                                                                                                                                                                                                                                                File size:145'968 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:477293F80461713D51A98A24023D45E8
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000010.00000002.4583954735.0000029A8FCA0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                Target ID:17
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:13
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\sc.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Windows\System32\sc.exe" failure AteraAgent reset= 600 actions= restart/25000
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff674cf0000
                                                                                                                                                                                                                                                                                                                                                File size:72'192 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:3FB5CF71F7E7EB49790CB0E663434D80
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:18
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:13
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:19
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:15
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                Commandline:rundll32.exe "C:\Windows\Installer\MSIBFA8.tmp",zzzzInvokeManagedCustomActionOutOfProc SfxCA_6799296 33 AlphaControlAgentInstallation!AlphaControlAgentInstallation.CustomActions.ReportMsiEnd
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x580000
                                                                                                                                                                                                                                                                                                                                                File size:61'440 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:889B99C52A60DD49227C5E485A016679
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000003.2275227781.0000000004879000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2321796339.0000000004AC7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000013.00000002.2321796339.0000000004A21000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:22
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:29
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "172d5505-5af0-4cb3-8690-0091fd98422a" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x2cda0240000
                                                                                                                                                                                                                                                                                                                                                File size:177'712 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2439180318.000002CDA0350000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2439795029.000002CDA0570000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2440110075.000002CDA0C71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2439180318.000002CDA039D000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2440110075.000002CDA0CB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2440110075.000002CDA0CE3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2439180318.000002CDA0310000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000000.2414703923.000002CDA0242000.00000002.00000001.01000000.00000016.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2440110075.000002CDA0CF3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000016.00000002.2440110075.000002CDA0D2F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_GenericDownloader_1, Description: Yara detected Generic Downloader, Source: C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:23
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:29
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:24
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:29
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "5232f273-c62e-437a-a74a-dca82f700d20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x232d74f0000
                                                                                                                                                                                                                                                                                                                                                File size:177'712 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000018.00000002.2439303266.00000232D77C5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:25
                                                                                                                                                                                                                                                                                                                                                Start time:13:18:29
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                                                                                                                                                Target ID:27
                                                                                                                                                                                                                                                                                                                                                Start time:13:19:32
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "79c2d964-37c1-436b-8678-a4e34369f725" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x13a390b0000
                                                                                                                                                                                                                                                                                                                                                File size:177'712 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001B.00000002.3079848462.0000013A39330000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                Target ID:28
                                                                                                                                                                                                                                                                                                                                                Start time:13:19:33
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                Target ID:29
                                                                                                                                                                                                                                                                                                                                                Start time:13:19:33
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "63fd8206-ed43-4ef7-8433-4a2d0eb92cc2" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x1bc18730000
                                                                                                                                                                                                                                                                                                                                                File size:177'712 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3088059317.000001BC31A40000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3081521658.000001BC18928000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3085296572.000001BC19151000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3081775812.000001BC189A5000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3085296572.000001BC19197000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3081521658.000001BC18920000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3081172588.000001BC188C0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3081775812.000001BC1893B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3081775812.000001BC18963000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3081775812.000001BC1895B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3085296572.000001BC1920F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3085296572.000001BC191D3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001D.00000002.3085296572.000001BC191C3000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                Target ID:30
                                                                                                                                                                                                                                                                                                                                                Start time:13:19:33
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                Target ID:31
                                                                                                                                                                                                                                                                                                                                                Start time:13:19:59
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "ac52b191-a405-4d89-8808-a9c06c02ac20" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x290fb7e0000
                                                                                                                                                                                                                                                                                                                                                File size:177'712 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3352740799.00000290FB8AB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3346479513.00000290FB890000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3354008998.00000290FBB40000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3352740799.00000290FB919000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3342887037.00000290800BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3352740799.00000290FB8D3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3353498099.00000290FB940000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 0000001F.00000002.3342887037.0000029080047000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                Target ID:32
                                                                                                                                                                                                                                                                                                                                                Start time:13:19:59
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                Target ID:33
                                                                                                                                                                                                                                                                                                                                                Start time:13:20:08
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "05b46de6-24e7-4784-8ae7-29fe3f62e039" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x24d74550000
                                                                                                                                                                                                                                                                                                                                                File size:177'712 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3432709882.0000024D00083000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3432709882.0000024D00001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3432709882.0000024D00073000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3437507331.0000024D748A0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3432709882.0000024D00047000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3432709882.0000024D000BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3437826124.0000024D75766000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3436279705.0000024D7475C000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3436279705.0000024D74728000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3436279705.0000024D747A4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000021.00000002.3436279705.0000024D74720000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                Target ID:34
                                                                                                                                                                                                                                                                                                                                                Start time:13:20:08
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                Target ID:35
                                                                                                                                                                                                                                                                                                                                                Start time:13:20:18
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "72b97848-a05f-4dfa-a8b2-0f7698832a4d" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x18f7e6f0000
                                                                                                                                                                                                                                                                                                                                                File size:177'712 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3539340207.0000018F7E890000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3541368660.0000018F7F8F0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3539340207.0000018F7E8CF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3539340207.0000018F7E899000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3539340207.0000018F7E8CD000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3536757175.0000018F00083000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3536757175.0000018F000BF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3539340207.0000018F7E91B000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3541063423.0000018F7EA70000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3536757175.0000018F00047000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3536757175.0000018F00001000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000023.00000002.3536757175.0000018F00073000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                Target ID:36
                                                                                                                                                                                                                                                                                                                                                Start time:13:20:18
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                Target ID:37
                                                                                                                                                                                                                                                                                                                                                Start time:13:20:27
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\ATERA Networks\AteraAgent\Packages\AgentPackageAgentInformation\AgentPackageAgentInformation.exe" 95230b78-0b09-4026-a7c5-5fe4c9d15b4c "9b12e3ad-6f98-4af0-a9fc-ab8da217520c" agent-api.atera.com/Production 443 or8ixLi90Mf "minimalIdentification" 001Q300000MFxEPIA1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x1ef26d20000
                                                                                                                                                                                                                                                                                                                                                File size:177'712 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:31DEF444E6135301EA3C38A985341837
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000025.00000002.3627879487.000001EF27180000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000025.00000002.3623340432.000001EF27018000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000025.00000002.3629811902.000001EF276E1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000025.00000002.3629811902.000001EF2779F000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000025.00000002.3629811902.000001EF27763000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000025.00000002.3623340432.000001EF26F99000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000025.00000002.3623340432.000001EF26FD1000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000025.00000002.3629811902.000001EF27727000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000025.00000002.3623340432.000001EF26FCB000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000025.00000002.3623340432.000001EF26F90000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000025.00000002.3629811902.000001EF27753000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                • Rule: JoeSecurity_AteraAgent, Description: Yara detected AteraAgent, Source: 00000025.00000002.3623340432.000001EF27050000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                Target ID:38
                                                                                                                                                                                                                                                                                                                                                Start time:13:20:27
                                                                                                                                                                                                                                                                                                                                                Start date:02/10/2024
                                                                                                                                                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                Imagebase:0x7ff66e660000
                                                                                                                                                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4a8d4ddaa1472670f61657629bd2f4d85687e9e768233ad897e02abb8920dce7
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1d9ddd91dcd6d7c71a77a7a422f43e27ab79042aada38c9cd23750a8843cf575
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a8d4ddaa1472670f61657629bd2f4d85687e9e768233ad897e02abb8920dce7
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25515831B156228FC750CF68D860AAABBF9FF45314F1581A6E518DB3A2D731DD42CB80
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 893e2b98e3f46bd9e47902c5a3117324f2d9801c5601278d0a064e915a471620
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 12626ae07a259d6a6044f72db21f423b059723978b1d9c2973ad51ed57ae1e2a
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 893e2b98e3f46bd9e47902c5a3117324f2d9801c5601278d0a064e915a471620
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D511335B0461A9FCB54DF78D8406AEBBF6EFCA340B14813ADA14DB354DA309D02CB90
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9e86ee10c95f748a32e0aaae38c979997c8909d19c89eac0b726de8be137b2fe
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5d46b0e89c80ea439608d78f111e0c52f128519c5d77fb734d7de29101586746
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e86ee10c95f748a32e0aaae38c979997c8909d19c89eac0b726de8be137b2fe
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8151C430B08255AFE755DB68D8587AE7FF3EF8A310F148059E506E7382CE785C858BA1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 878fa0df85a1c818e87fc84a6d80b42d10327aa10db4010783f7317494f890a2
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2b0d9de74846c54a82bbafece497024c6a16cd7de8a78988ea973a547dfab6cb
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 878fa0df85a1c818e87fc84a6d80b42d10327aa10db4010783f7317494f890a2
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51417E31B405166BE758AB68D8747BFA79BDFC5210F10803DEA06EB380CE349D468BD5
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f2de37807a57d378d1b1960212723aba79b7d4069dcc1cba27d572a4ebbc605e
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 874ded349783c8c5e4aef61b35d7f65ebfc1d30b613fc0393661bbd470c3f49f
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2de37807a57d378d1b1960212723aba79b7d4069dcc1cba27d572a4ebbc605e
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A315721B197661FEB696675987437E2FDF8FC2214F04806AD801CB382CD689D454BA5
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7cc718604b2d4ef99ed5584cd5c8c4c558cd2a50addb2b2ab3835b18098d8199
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: efccf782ded593b84b37d1fe6a1e6daf47385826fa1f3b9f7258b7f3f3068b84
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7cc718604b2d4ef99ed5584cd5c8c4c558cd2a50addb2b2ab3835b18098d8199
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ED316C327096A62FC7159B65782566FBFAB9BC3160704406BEA08CF293CA684951CBF1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
Memory Dump Source
• Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9574f65a0b2b90fc17770e31cec456b5d6c79924407beca19710a42676f69de0
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: aa971c8a587d56087748af1b6cd3be73c37a0c63487ca818e1ef28596171b4a0
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9574f65a0b2b90fc17770e31cec456b5d6c79924407beca19710a42676f69de0
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6101B930B1D3865FCB059F78693911A7FE6DD8610830508EAD649CF293E9158849CB92
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2152888922.000000000404D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0404D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_404d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b1ef8b624654eafe92e6c5a68dc83a700fe7ac251fed223b52db117021148556
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8c361660f2a9b83088ce317244c494019c9b230603e4f79415748cce3c8c6b92
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1ef8b624654eafe92e6c5a68dc83a700fe7ac251fed223b52db117021148556
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F80180A100D3C09FE7138B259C84752BFA4DF83224F1981EBE9889F193C2686C45C772
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000002.2152888922.000000000404D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0404D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_2_404d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: df7cf0aa6ee2d70cf7f7b5e2de715a7cf204075d46bc07c42d90b9c2ddc13fac
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0b1ed63f4a1ecf90c146dfa46247832f500b4d80fcba0b3f6c9e9715972c93fa
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: df7cf0aa6ee2d70cf7f7b5e2de715a7cf204075d46bc07c42d90b9c2ddc13fac
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F101A7B1504345DAE7109E25E984B67BFD8DF81324F18852AED485B142D279E846C6B2
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: accacfb7798c47ee589dd8e33145884a51bd66f69635bc04e85dc961128848b5
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c17b23ea797a07624764e55b5b649b4876b896c0356bb7683bbeacc68425f185
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: accacfb7798c47ee589dd8e33145884a51bd66f69635bc04e85dc961128848b5
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67012631B04526A7E748DA68C4513AFBEB79B89304F24806DD202F7391CE7A4D01CFE5
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7513d8bd1cff18555c362b10090671560486a30a8d6f42328d4bfd51342a0ffd
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: dbf5193078b93e0728af1f668a68d3ddbc498ccb4b6091f57d8679ed3c5a9667
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7513d8bd1cff18555c362b10090671560486a30a8d6f42328d4bfd51342a0ffd
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8EF0C93BA5F3A17FE34123B839283AA7F9DCF43221F1140DBE545C6093C8684A4A87A5
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1c082d6da456997e74a0a5f37f20fcde975a4fef0482d72f09c0dd6ad726f9ed
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d384f2005da2dbf43cba10aa87a5ebb208382c1dbf37638e138e57272d774966
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c082d6da456997e74a0a5f37f20fcde975a4fef0482d72f09c0dd6ad726f9ed
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9F0B43BB181945BCB4C9668E4185EE7BB7ABDA220B20416ED40363380EF71591AC791
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
Memory Dump Source
• Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8376cf60e37b3afd73c745052c4036939b871243f756c7f4e8eb3438a8586711
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c6ff90dcd02d037901a0884d6de3e5df4ce4a0daeb74b1b190dcd968cae82deb
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8376cf60e37b3afd73c745052c4036939b871243f756c7f4e8eb3438a8586711
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59E09221B24B3B07EBF8256998B07B62ACE4B50709F00883DC4018BB86D8C8EA510FE5
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: bd2fb4fe5db3ef5a565ba10753835c8c2f45616f60b4a0857fdf779949c76feb
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 60702afe85fed3121554b40dfc32d82f67e5107031c70cbd159c218aa44459d4
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bd2fb4fe5db3ef5a565ba10753835c8c2f45616f60b4a0857fdf779949c76feb
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EAE0E536B101588BCB1C9669E4585EDB7BAEBC8210B50803AD812A3340EF305D09CB91
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6a3d84fb89abbe14344d2faaf6dca4895d32d8262877edc85403e23077ab5636
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 35fe78726daf81cd2e38ae3fba9acbbd65f3739a54e2d21044a71c8e879cd4b1
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6a3d84fb89abbe14344d2faaf6dca4895d32d8262877edc85403e23077ab5636
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12E07D7231A3500FE30253F4B8244C53F53CE932103465A9EE1418F153CE506D8983D5
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 63bb7b597f5bd956bbf97aa7665715c6a31ba5de9ac7b479ed45217ea7ef91b9
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5341ca2cd4a3023bf0777d32eab32b85d9ca6d4a4bd25bd00199eb3eb0b410a8
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 63bb7b597f5bd956bbf97aa7665715c6a31ba5de9ac7b479ed45217ea7ef91b9
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DD02B3B34D1D05FC3024760E8220E67F379B472103185097F4D1CB6E7CE240625D764
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 971c2c5f1d8a073344eae099ab35986ed2b55fc5bfc303729d9a24575e44bcf1
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a4e44a74c47d8480eddb0a87d2c9e39fc7c52fb0f8cf206ad3a6c34bc11f8ae8
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 971c2c5f1d8a073344eae099ab35986ed2b55fc5bfc303729d9a24575e44bcf1
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6E01274D00209DF8794EFB9955155ABBF8BF48204B5085ADC40CD7600F7329612CFD1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f07e36a18eaa04a683160ff4be5a7e06ad99829eaac2e9f87d957d7bf37c69b6
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: cd335c6f348b349938e6c8f49acb68818fd5d21783c7c4238a4522d8f1e77b03
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f07e36a18eaa04a683160ff4be5a7e06ad99829eaac2e9f87d957d7bf37c69b6
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1D0A73632442D7B53406618D88687ABB99EB853603108427FA0283254CD70AC528BD9
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000004.00000003.2152025235.0000000006620000.00000040.00000800.00020000.00000000.sdmp, Offset: 06620000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_4_3_6620000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195424491.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6b60000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: d
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2564639436
                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                  • KiUserExceptionDispatcher.NTDLL ref: 06B69FF8
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195424491.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6b60000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 6842923-0
                                                                                                                                                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                                                                                                                                                  • KiUserExceptionDispatcher.NTDLL ref: 06B69FF8
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195424491.0000000006B60000.00000040.00000800.00020000.00000000.sdmp, Offset: 06B60000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6b60000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID: DispatcherExceptionUser
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 6842923-0
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: QSl^
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1371466045
                                                                                                                                                                                                                                                                                                                                                  Strings
Memory Dump Source
• Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: QSl^
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1371466045
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 352635a11c50ce1a6417be53192ff5f50ffb758d43ef77d1a6f5b8fd85730979
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f8a1683f527d85ed5db69d6c627afd2668983664b08066b7f16db890002b7ccb
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 352635a11c50ce1a6417be53192ff5f50ffb758d43ef77d1a6f5b8fd85730979
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F717974B002019FDB55EF79D4949AEFBF2FF89200B048669E9168B355DB30EC46CBA1
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: l
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2517025534
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2cef15596624e88418b91656e8b47d62c655b1486eacbf55cf64e5534751ff59
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 96616a5fdb0288bb980910f9970b3565cc1372537b993ede73368721484d859c
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cef15596624e88418b91656e8b47d62c655b1486eacbf55cf64e5534751ff59
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD217E34E05349DFCB41FFA8C8549AEBFB2EF49310F41409AD542AB352DA30AE44CB91
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: C8
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-816706217
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 36c136a412996620f0d035d4c1a4e334d5e0b34bbe31906e48e50b9027d9e3c4
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 976ba5c21c93136afa9bcea68a47d4c37ec3dbb6144f8f6181bef156021ef21a
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36c136a412996620f0d035d4c1a4e334d5e0b34bbe31906e48e50b9027d9e3c4
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1018136B202158FDB42BB99985176EBBA3FBC8610F54851AE6025F344DF70AD0687C1
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: C8
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-816706217
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 16231ec80cb9122bc0839affad2069cbd734cae561b6e42442fc06bcacfa0cf6
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 046e4ba47271f5a5cb85546e7ad8ebecbfe585770378ab1d59a2b0050e0bbc14
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16231ec80cb9122bc0839affad2069cbd734cae561b6e42442fc06bcacfa0cf6
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62F0F432B102108FDB02B798984126DB763FBC8650F54801AE6025F344DF70EC03C7D0
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 23fe6bf25d90d84f588e21da634411685205aebf23929ce85585d9e6846c2446
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c9e753b0ffbe7840d4586ce09ec9358da19faeae9b0b12766dff89b25bbab85b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23fe6bf25d90d84f588e21da634411685205aebf23929ce85585d9e6846c2446
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40A2EA70900218DFDB259FA4C854AEEBBB2FF49300F1445EAD60A6B350DB329E85DF91
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 117a9842d45037ac32ed6e4e8e72455be5184dd2c43b509a101e542c072aaa9f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 677c34182468ae0098ee93e1b460908104386da187a7ce42587484d1e2416e68
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 117a9842d45037ac32ed6e4e8e72455be5184dd2c43b509a101e542c072aaa9f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB92C874900218DFDB259FA4C855AEEBBB2FF49300F1045EAD60A6B350DB329E85DF91
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA615B3AB002059FDB41DF69C88099ABBF6FF8D300B1481A9E619DB321DB31ED15CB90
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f5f2785fa49398d5e2741156681065b005cf95bb75b9f3412f50cabf89b9364f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9b8f1065600a9a9ef9c8c4fc633b75dcbad236cb89c91406c040067daa8b67f6
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f5f2785fa49398d5e2741156681065b005cf95bb75b9f3412f50cabf89b9364f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14715A34A003089FEF05EFE5C86079EBFB6EF89300F10506AD646673A1DE356E459B91
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6d0c66f09b4fa473cf99d5712cd5a6351b701ebf8f640469e850733dc08c26d6
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c4b524e24f780965254ce14736b29add873b17a3c6bd92a30d18af516102cad8
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d0c66f09b4fa473cf99d5712cd5a6351b701ebf8f640469e850733dc08c26d6
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9751F7747105018FE798AF29C598A297BF6BF8961172984AAE606CF371DF31EC45CB40
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f8e07158bfe792a4366b48980c5252eaf3674d5d7acde9cd60c7544d672285cf
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d2ecb0b2456ac1f828e43b1c9daa55aad574aa12370624d32cc3aece5c967ef6
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8e07158bfe792a4366b48980c5252eaf3674d5d7acde9cd60c7544d672285cf
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B614B30B00109DFDB54FBA9D59566EBBF7BF88604B208429E506EB394DF70AC45CBA1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a61b729dad32b9265cd3f3eb9c01236d27839070710cbcc976eca54e29b19c6e
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fb07d4b2e607f1a83561bceb13425cbc45f88ff439aa7b459e37e85022688b24
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a61b729dad32b9265cd3f3eb9c01236d27839070710cbcc976eca54e29b19c6e
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0851E430A04245AFEB84BB68D8547EE7FB2EF89314F14406AE506AB381DE785C46C7E1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f0b85b9eedc5371e7d6a9a5fa3205f13326fcf0f6b2dae9190e8e9c9aede0b85
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b34d52ca5a3cc2d950b40d75cd53b6dbffc656f99b8d4ed7df65456e39de0ce3
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0b85b9eedc5371e7d6a9a5fa3205f13326fcf0f6b2dae9190e8e9c9aede0b85
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D519030B001169FDB44EB69C944AAEBBF2FF89310B248559E506DF3A6DB30ED45CB91
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4179babd6c6d8741d45260ee545449cec032e163e2b59759b4fa97c9af7a4d74
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 287845de293e84159d626a2727ee629ba8192b7b3fba79988ff043f0e9078581
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: badbf5d49b64bd166fccb0fbea0a97b41192a2b1b6c32495bbf63054e38d42e7
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f838a506ad83be39362cb3a8cceb7d2513228b9d04fa3eb10b3c2307192d4172
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: badbf5d49b64bd166fccb0fbea0a97b41192a2b1b6c32495bbf63054e38d42e7
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA410230B052049FEF49BBB5986477E3BABEBC5A04F048469E406DB395EE34DC41C791
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0eed70cc5f4ad8b64d3dd634b05d12a20cc96ebce2a8394e9c705d968e6b1afc
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4ac15e9becfb1e6abb58634999b9467a97310f59c04a82d384aadc500ca6fdb9
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0eed70cc5f4ad8b64d3dd634b05d12a20cc96ebce2a8394e9c705d968e6b1afc
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B65105B5A0020AEFEF04EFA4D954AAEBFB6EF88300F104419E60267795CE316D459F61
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a6eda8ac4069d41e98fbb9ca79f2a45d22bd38788468c1a1edfcdf9f2cc8596c
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 60bd2b2dd2d82b97d490f771e431375330e9bd2cc69cb472b35123b2331005ab
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a6eda8ac4069d41e98fbb9ca79f2a45d22bd38788468c1a1edfcdf9f2cc8596c
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD41F530B042449FEB15EF65C454B9EBFF2EB89610F14819AE905AB391CB75AD02CB90
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6026d7c275b981b0ad03f7e4e709663ef2dca0edd7bfd47df43b04a7ef6d8cdc
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8758bf8ede97595fea8d8aa94ef6b3a77ab936110f9c99dad762081106253246
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6026d7c275b981b0ad03f7e4e709663ef2dca0edd7bfd47df43b04a7ef6d8cdc
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9351D474A002089FEF05EFE0C86079EBFB6EF89310F10506AD6167B3A1DE356E519B51
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0a6e50e09eec65f5a189638cf8def0013ed06393a07c8c71f384d963d14e540e
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5a5ada42bf1841b5fd1a36894b2fbb04dffaf5eca0979fb10b38e4e036bf55a2
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0a6e50e09eec65f5a189638cf8def0013ed06393a07c8c71f384d963d14e540e
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A415F70B10215DFDB58FF75D994AAEBBB2BF88600F144529E916AB390EF709C05CB90
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: cf36a4c6f40c0e7ef1607eecee1b7853f378c3c157de957a0e7801d513ae1563
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 55aa3fab28c49e2bc4d12f91ca4d2c5dde1de6299263dd9116fea3b2c5453b56
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf36a4c6f40c0e7ef1607eecee1b7853f378c3c157de957a0e7801d513ae1563
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A41D43590A3D59FDB03AB389C615DA7F76EF83214B0540D7E580CF1A3DA34894AC7A6
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 72d440cd04080771c7f6e1b7ed7d3b13931498f2eac74a8064d80f6019790fbd
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 715e0a185bab024f6addd6b532b395564de7f0f4b682abfacef797228c0ce0c2
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72d440cd04080771c7f6e1b7ed7d3b13931498f2eac74a8064d80f6019790fbd
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6731AD5241F7E16EE743BB385C715DABF659C9321470A02C7E1C1CE0A3D5088A9EDBBA
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ce4fe5831588e0d3f6c1a14a893e880839741c3d6676930abc19c75870585db1
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4ab961237db434f959e6ab7285fc36a4ed07037c175bfa992374fbe8c93174ea
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce4fe5831588e0d3f6c1a14a893e880839741c3d6676930abc19c75870585db1
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD31F230B002058FEB58AB7ED85596EBBE7FFC96507144029E906CB351DE30DC05C791
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9eb38f43f49b97313d866a9054cc49e4132b8bf5ae4cca3684ddff5ab6cd2e5c
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d67d9033e97b1f0e4dbe2402efe4667afc3a38afe14da4392eb01cac7c1ff508
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9eb38f43f49b97313d866a9054cc49e4132b8bf5ae4cca3684ddff5ab6cd2e5c
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 21415834B006058FDB54EF59C480A6AFBF2FF89354B55C5A9D45AAB361CB34E841CB90
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f13fc76aeb8fa18d94ef3a27c443c14ee87218ab21d48bb12edf744cc29ba0e3
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7534e37485bf39917992a23aefbec3e1b15edb44ec340a84dd60cf0f6177e615
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f13fc76aeb8fa18d94ef3a27c443c14ee87218ab21d48bb12edf744cc29ba0e3
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50418131B001059FDB54BBB9D49566EBBF7BF8C600B208529E512EB354DF70AC45CBA1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fe036d2ceafc335e1b2ab59733b6e8fa1e3a64d043217ee2bd53a13f47e73287
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 01f263f8422b3166d2895259eb2c7cb17f997ab3b641668ef33851d989995c3c
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fe036d2ceafc335e1b2ab59733b6e8fa1e3a64d043217ee2bd53a13f47e73287
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5B318B32B053462FC7257B617821BBA7B6ADF81250B06506BE609CF192EA244C42C3E1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 40f89da080a26609349dda5eb824ed2330f929d6f36580281890e15d2fddd20f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5021fb883e86f3c0362d02c278ff4025bca3b22bdda451b396f83dbaeadc193b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40f89da080a26609349dda5eb824ed2330f929d6f36580281890e15d2fddd20f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3415775E01249DFCB54DFA9D88499EBBB2FF89300F248169E801AB364DB30AD46CB50
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3d0a78a4e33228cbc8cf08cf4640b8d572b4f16d88384fd20728299aa3e7a917
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2f30e9253f2dcc104ac35f1fe62b06b8495432ce29755ea960dd0cdc1293092b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d0a78a4e33228cbc8cf08cf4640b8d572b4f16d88384fd20728299aa3e7a917
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2041D271B002568FDB65EF78C88496EBFF6AF89200B04456DE246C7361DB30EC0ACB50
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2196456110.000000000449D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0449D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_449d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d37a86dd3b3fd161fba26b59b4dee5ffe9c73f1bd8f8870f262ca05b912a7021
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7b3fd8bbe27933b5acb4c9bcaa6bc2d15142449cbe25b21c28c4ca2bf0cb1e32
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d37a86dd3b3fd161fba26b59b4dee5ffe9c73f1bd8f8870f262ca05b912a7021
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24113D35604255BFCB44DF68D458AEABBB6EF8C324F145019E40BA7380DB799C85CBD1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2196456110.000000000449D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0449D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_449d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fd04cfa87501edb9c031b16b366e98f374891d2915113b8e9879de8a57b429de
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 08342890539521df02446103ed57d06b86b9ccbecccbc7b396b480e80b899f06
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd04cfa87501edb9c031b16b366e98f374891d2915113b8e9879de8a57b429de
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C111B4B6904244DFCF16CF10D9C4B16BFB1FB84314F24C5AAD8094B656C336E856DB92
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b6d50dcb4e6b73ccc24d81219576a37302b19ffffe69bfc68057a0ea47bc5214
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3f2ec9ffc01df229205dd9ac890742b2aed7b8e17c97252d98da52c8381a7a7f
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6d50dcb4e6b73ccc24d81219576a37302b19ffffe69bfc68057a0ea47bc5214
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C118275B011086FDB48AFA5985497FBFABFBC8700B008029F905D7340DE745D069BD1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c640b9dd3ee60d3f25c376bf7fab630d0cfeb29da6af69bcd62eae87d42a97f9
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9b5992e98d6d971b25badec108f1daf1af4c8448ef1b8848cc3ec1fac1540b9c
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c640b9dd3ee60d3f25c376bf7fab630d0cfeb29da6af69bcd62eae87d42a97f9
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A021C474E01209DFCF44EFA8D584AAEBBF2FF89310F504499D506AB355DA30AE40CB91
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 60295a82015766f2a8e75a3d58783ecb6f79f30a5fc1e08c386f523051837443
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b21e8c6435881af91aca08db77647566370901b05b411a903238d5b000c8f554
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60295a82015766f2a8e75a3d58783ecb6f79f30a5fc1e08c386f523051837443
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1A2124B0C042099FDB10DFAAC481ADEFBF0FF88324F10842AD919A7240C7756946CFA5
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: de5f66f1dd60bb4f22743693e17ddde621a18a1171c7b3c9632b58f87d88e483
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e2bf1c0bee8ede2c4f5d0f79893e8fe0686379b3198be1b6df408d11e28a4063
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: de5f66f1dd60bb4f22743693e17ddde621a18a1171c7b3c9632b58f87d88e483
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AD01A13051A385AFCB02DB34ED217EA7FB5EB42200B1555CBE440DF1A3DA245E4687D1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4d1c181f2d1d6960872a0911cc24a12683a3ef6569cc15beb189d22b431206a9
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bce310d53f3893469d9966b6d7a4802344f8aa330e576148586bd2e5fde115f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A70142303043018FEB05BB7AC85062E3BD39FCA51031885AED58ACF792EE22EC06D391
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0bd04aa949d10f9606d916f7ee50bffcd562eb611829afd549ae275d00df7934
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 12b13cbb83aaafe8fb75a5ac6a5ee7cbe6ad4f94fb2b72e3ffb69434a6e43288
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bd04aa949d10f9606d916f7ee50bffcd562eb611829afd549ae275d00df7934
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4F01D670E05209AFCB80BBA9A8044EDBFFEDB89200B0141AAE505E7350DA344A05CBD4
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8fc2cee6a7729d31e563dc9dff6b13b8950ab7d2b8b547bc058d3e6f6ad480b3
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a9a87b6388baa0942271639804501cff1c117b0d0fdd51fcc7fb7817f62b3fc4
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8fc2cee6a7729d31e563dc9dff6b13b8950ab7d2b8b547bc058d3e6f6ad480b3
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F014771205385AFEB21977998045AEBFDAEFC6304300459DE1068B786DFB16C0987F1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1b37e08a66bbfc19318777c793df7c2d07171cce28b735b3d69da88f08654eac
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6c3ac79772bba952480743b74709e4edf33558e5070a0dda1c5a474545fa1665
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1b37e08a66bbfc19318777c793df7c2d07171cce28b735b3d69da88f08654eac
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C01FC70A092475FCB49BF7858352663F95DFC110870118AAC50BCF151FA14DC86C3D1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2196456110.000000000449D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0449D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_449d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d5a1388970e36fba11d2cc4c72cd77989e6659bd26b61f0dfbec0029021c4aad
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6fcb4e5564fa072a2927a8502943fe4c0ace415fa136314a08b528e43e022254
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d5a1388970e36fba11d2cc4c72cd77989e6659bd26b61f0dfbec0029021c4aad
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9901126140E3C49FEB128B259D94752BFB4DF43228F1981DBD9888F293C2695845C772
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000002.2196456110.000000000449D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0449D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_2_449d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1bbcf80d29681398b43beb7f07230af768e807b566f3938c574d0468d76cca72
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 91374eaf036347b5a84eb5f6b5a5a9cccd811761410f3a5ad9be927602a79b9f
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1bbcf80d29681398b43beb7f07230af768e807b566f3938c574d0468d76cca72
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0601FCB0904304FAEF208E25DD80757FFC8DF41328F18811BDD080B242D279AC42D6B1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d8a8c12bd02468c20bcaaedfd593cb126586f357b30547aabf10ad2c770e097a
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 09e639113ea23cfd23bb8cf6e2ff906abe7900218b780e7e2ee05763d77b8af2
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8a8c12bd02468c20bcaaedfd593cb126586f357b30547aabf10ad2c770e097a
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 410144B5B053018FD744BB68E840C6EBBA2AF95210781C5AAE6028F362DE22DC00CB60
Memory Dump Source
• Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 383aef20d0e01e0157a8c25a7cec76f34a5df699fd45f74ea327e243e1535cb5
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f76a11437d1af0306e0c049114b827d1a5d5eefaaf27f938b53bd0ae0f569d75
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 383aef20d0e01e0157a8c25a7cec76f34a5df699fd45f74ea327e243e1535cb5
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DAF06D367095144F9744BB6DBC88A2EB7AAEBC4971315013AE60AC7251DA71CC02CAA0
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 22dddc10acb69bbe555fbbdf1b2a2fc2cb7ad727e8d3d777ed406671f5bd998b
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9b4399f8a64b6e71de96460afdc1cbbbde51b24d5f843889198cb933f844f4ca
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22dddc10acb69bbe555fbbdf1b2a2fc2cb7ad727e8d3d777ed406671f5bd998b
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADF0F6357096101FC3416F2DAC9496BBBFAEFC5560305016AF106CB352CA30CC05C7A0
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d2269cf26054eef39375941eae9e96b71e918a1b9fbaf3a0778864b4e746e394
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c1d6fdd89ba9d99a4c6fad438a9a281415d2361151a5b6d28b407111fabf2c7b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2269cf26054eef39375941eae9e96b71e918a1b9fbaf3a0778864b4e746e394
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91016970E01209FFDB84FFA8D84159DBFB5EF89200F1095E9D515AB282EA306E058B91
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7f15b2986abc1821a33f6676d13e5dd5c4f018dd67c46cdf5df37930b9b1076f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d5dcabbf1ac125bb1675bb984124c623304cf9c67770b13e9849160dcbebaa2b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f15b2986abc1821a33f6676d13e5dd5c4f018dd67c46cdf5df37930b9b1076f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65F0E9357092411FC745166E989089EBFBBABCA92035900AAE105CF366DD659C0A8772
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 37c6bd854413b5941ce99dd0e65533509bc7015d41a4b032b81965ec29621786
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 96c182239ad002d642c02f5ddd4e4a810a554f5dca50a5ab585295738534719d
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37c6bd854413b5941ce99dd0e65533509bc7015d41a4b032b81965ec29621786
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2D016235A001069BE798BA68D5567AFBAA79B89704F154029D212F7380CE715D05CBE1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1d1943510783bd9956cc74a3bbc92f10e49e2855eb6fdb25dc75836f65761534
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b8ba25e095fdd5dd7cd96b29589cb66d3a2301188a7177fda6b1fe532d6ae0de
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d1943510783bd9956cc74a3bbc92f10e49e2855eb6fdb25dc75836f65761534
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F201AD36B01501CFEB50EF68D68056DF7A6FB88321B609A39C0169B344DB31EC8ACBC0
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 91a29c6de940f11d5d673781298ab10910206f29d0863999615a6dea50e7996b
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bec8cc99259a488c3b9feb326c426d0fb89410411331b3a0ab7884ff45fe7a03
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 91a29c6de940f11d5d673781298ab10910206f29d0863999615a6dea50e7996b
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51F0E2717057452F8395676E6C408A7BFEEEECA260304816BF60ECB356EA71DC0583A1
Memory Dump Source
• Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 71c34d73fa8e141ce9738571e14b0bb55328b25796b6c7affe334dfbf0d82ed8
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c89f097c30a6e8a82bd8975d73a6e56021cfc96c4de7880ef5d41f92fade885f
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71c34d73fa8e141ce9738571e14b0bb55328b25796b6c7affe334dfbf0d82ed8
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BAF052307093519FDB1A6B74840429D7FA39F86018B2881AED8865B342CE239C03C3D1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f874c738fe9a8cd30e33bd3c12b2d4707f4f3892a72b52730c3dc574db09e334
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8814fc2739c8c7c4e4ce59944c4c719d8123ddfdd132ad72536cc8976b2cc781
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f874c738fe9a8cd30e33bd3c12b2d4707f4f3892a72b52730c3dc574db09e334
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99F03710F297581EEF9532E5593039B3EDD4B42F14F020176D896CE646DA84D845C3F2
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e5fb5ec1242faab060083bbec39cea9af579662e28441f25489062d5a68bd65d
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e75971808ee5edf1bbf300449032667be31ba2365fe05e373965957507d6fa4d
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e5fb5ec1242faab060083bbec39cea9af579662e28441f25489062d5a68bd65d
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7DF0E5357102168FC758E779D800566B7DBAF882A0308A1B5DA09CB320EE71CC02CBD0
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d12730741f517ac359419c8f7b9ab53f1e72c2b25efbaea4b8db692acd8d54e2
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1abff76a59da1886c7c9364154421151a522141f2fb883f82076f2a5b4700b19
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d12730741f517ac359419c8f7b9ab53f1e72c2b25efbaea4b8db692acd8d54e2
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2FF0B470A05147AECB48BFB8A52635A7F96EFC06187051C6DC2078F240FA24DCC2C7C1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7028b19d6f00a0672634244f64cce74374a7638ee46ba1cf1bff37997a8e8022
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: dfd9ddcdf5256979e618b87ff72570eeb8b95a68508e698b5fea408684740ce2
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7028b19d6f00a0672634244f64cce74374a7638ee46ba1cf1bff37997a8e8022
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28F027B1806248EFDB41EFB4A81249D7FF5DA4260071044DFE405D7392D9315F09D392
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 60d4e395c48012dbbe035ba30f56309a8953e99aab0ead1c19fc6cbcf793b93f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 6b020347279358e26816a6b15277710dec2e47d713eec8bf02345c0957629ccd
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60d4e395c48012dbbe035ba30f56309a8953e99aab0ead1c19fc6cbcf793b93f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16F0EC313042445FD7249E29984895A7FEBEB8A651F1441BAF50ACB751DB218C05C750
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
Memory Dump Source
• Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e8d1de8b91684e1e74eb0371cb421cfde8763b177a2a6cb0bb61b3ddffc69fe4
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0fd942d0307cfb33a230e21da63e2c06221029f762ffa8b5a10c99b1247257d4
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e8d1de8b91684e1e74eb0371cb421cfde8763b177a2a6cb0bb61b3ddffc69fe4
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60E02234205300ABC7127BA9A4144DF3FEAEBC7355B00011AFA428B342CA606C068BE2
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: cfa5c1850a9c5175e2d5a5850e911d8b6862a13d409415b75664a3004b31e70f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 75e6bbc0352e57fea2d90f5b313621b7b8bd6fde7db1d6bbf06bc797964ca334
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cfa5c1850a9c5175e2d5a5850e911d8b6862a13d409415b75664a3004b31e70f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86E0D8363493A01B4B461AED24254AD7F5ECAD7951304019FE506C7343CE455D0993A3
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7f7a113fe27b2e644d997834a13c2306f4acb6ccbc1e84f0ecd007a951ee5271
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 05963a0d288bc9e5333057e5160b49e397f2d2bb2360905aeec00c3a655100d1
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f7a113fe27b2e644d997834a13c2306f4acb6ccbc1e84f0ecd007a951ee5271
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8F06D316042549FC302EF5CD880C82BBE9BF5A20074581EAE84ECF363D721EE16CBA1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f8681a4a893378caacf59593bb12e4382fc53383625a05323e8e0c8235d5a5d9
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8f086b3ba135295c16911b49adaa703ed95e71d2ab700f4caaae1622dfa79096
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8681a4a893378caacf59593bb12e4382fc53383625a05323e8e0c8235d5a5d9
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25E0E5B5E02206EECF94EBE899005DBBFF4EA4565131042ADE017CB250E3318302CBD0
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d1e006f3f62a1ed79f923b460fcec677ae0f29c00113ec62c36a587d1da2852c
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b97b11d4c98120924bd5029e544852c098efc4f7ffe6b226f3a4484187ff0bfd
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d1e006f3f62a1ed79f923b460fcec677ae0f29c00113ec62c36a587d1da2852c
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57E0D8366053465FC71663744810492FF6B9E46160708A2F6E9048B256CE31C853C7F1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 06ffc834378933006bbe40cfe0a3b0aeb426031c5120d54c44b04466dce0313c
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3ee38e4f89b82e0b33e7e5111f548476c3fec0c4a073803b96d8fba0186a343a
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 06ffc834378933006bbe40cfe0a3b0aeb426031c5120d54c44b04466dce0313c
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41E086B174A7E45EDF4577FD64204E53F65D98265230406E6E14BCB543C6028518C7A1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 03cfb4e894bfa0b704628b3e8967ffddf979edbc895aa30ffeff14171e396fd0
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c31e52d10e6f1656c2f1dc4c02936b51ac9e8536533a9bc8296e0c3cf0df07c0
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 03cfb4e894bfa0b704628b3e8967ffddf979edbc895aa30ffeff14171e396fd0
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74D0A73661001C6F53407A19D8468AA7BA9EB952603104427F94383214DD70AC46C3D9
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ffde3c4abdca9c1eb372f76d22a9d33295ded19827a40e354f812bf71b914f1e
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 30bd3f496a3f669a87e0e5863823b6d0e9d9756c6e749d4ef75c8fe094738377
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ffde3c4abdca9c1eb372f76d22a9d33295ded19827a40e354f812bf71b914f1e
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1DD01770A0110DEF9B40DFB8E91555DBFF9EB49604B2081ADD909E7380EE316F049B90
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1db9c52330b442cbc2516a12141697921acf1870ec495fece530dba9866b7e59
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b266bfd428434cb2ba3296a3f831d927c6fefc41b6b8aa6de02fc29bd09e6e66
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1db9c52330b442cbc2516a12141697921acf1870ec495fece530dba9866b7e59
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3D09720F1A3905ECF0533F8A5186893F4BDB42700F0240C7C942CF0A3EA2488008342
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f9e1453db0841835ab2b16e158249c3ca3a980384f9d55b3fdbf66826dac595a
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 68adc60f75cd98c7c36d37f23821f7b0351573223a96fe6d14cee2e085b3003c
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f9e1453db0841835ab2b16e158249c3ca3a980384f9d55b3fdbf66826dac595a
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DDE01230B1420BDFDB54BFE0C5546AEB771FB04305F204418D402AA254DB749D06CF81
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5396dcdfe1848f0bf288a4ee94a267b699ffbca3b8e004e7524abb8027311a01
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5ba1938addae12878474c57ab2b88381c74f45cc3f54c385b9620003898cf30e
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5396dcdfe1848f0bf288a4ee94a267b699ffbca3b8e004e7524abb8027311a01
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B0D05E7491220EEFCF00DFB5E91595EBFF9EB44200B2086A6E404DB210EA305E018B80
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 52f0e2431a6f4cdd67bc15abfd3bdbf9fe6f1073bea14ba02022f835d69d6994
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4780bfca98732451c2c09e1f36f6bcaf6d2dca4c1f306b2f1083ffc2827d021b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52f0e2431a6f4cdd67bc15abfd3bdbf9fe6f1073bea14ba02022f835d69d6994
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2BD0C9707252088F9F88BBE9E55552577A9AB88A0430088ACA90ACB342DB22F906C680
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 673cfb5686f040755cf7ba7b8d815677ea2df6eef665e86b76ecb92a8c730d52
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e3d5d1967e48bcf0c2c04ac1f73dca99959c7400cd30a7258f5d200c54b7cd95
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 673cfb5686f040755cf7ba7b8d815677ea2df6eef665e86b76ecb92a8c730d52
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55C08CB3F75A12ABC16D9A44408A2EBB320FB70206B808106C00404000F3325077D6E5
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000005.00000003.2195344215.0000000006A80000.00000040.00000800.00020000.00000000.sdmp, Offset: 06A80000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_5_3_6a80000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8d97efcf2b79c4ef589f63a9e9d17c5f285e0ca43a1e14efa50a5e215cc655be
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2cfcfa3b09524e4bac247a86e965c86fead321cec806f0c038b5450e32c53155
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8d97efcf2b79c4ef589f63a9e9d17c5f285e0ca43a1e14efa50a5e215cc655be
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58B0927090930CAF8620DB99980185ABBACDA0A210F0001D9FA0887320E972A9105AE1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 580c1488d67e93316e60708de7215ca58858cdbc837dee5a3276a791394bfd3c
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b631b6add7b0170483b7fd208da57d4e831f66fd5759b36f68fc0a4916d989f0
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 580c1488d67e93316e60708de7215ca58858cdbc837dee5a3276a791394bfd3c
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9DB16FB0E4021ACFDB54CFA9C8857DDBBF2BF88714F148129D815E7294EB749885CB82
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6b19ebc3ec44d9ee33a379b2331c5dbcc0094e696ae41e1e75c98486177ab22b
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3d8cb51d7c63e988e272a6d211d2c68e02739ef8e3fb47b94d92a0378000bba2
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b19ebc3ec44d9ee33a379b2331c5dbcc0094e696ae41e1e75c98486177ab22b
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9B16070E4021ACFDB50CFA8C8857EDBBF2BF88714F148529D915EB254EB749885CB92
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1cc000fc65d5ffd2610c43fb94db3d1c83aff0a7fdc0473d705e89638d997000
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 83c80af9234951b73330d045d233be2013eba353b44dd17ba688f64fb3e27569
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1cc000fc65d5ffd2610c43fb94db3d1c83aff0a7fdc0473d705e89638d997000
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25C17D70E4022ADFDB54CFA8C8857EDBBF1BF48314F248529D915E7294EB749885CB82
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4971ee1f528ff7aad355df392e77c25cd152238b0f8f7aabc6582b12a3b2a4bd
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b5ce90513633ee4e8683cdc1b5a8839948de34f6771b309b0048b57fbcd39a80
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4971ee1f528ff7aad355df392e77c25cd152238b0f8f7aabc6582b12a3b2a4bd
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8FB17E70E4022ACFDB50CFA8C8857DEBBF1BF48714F248529D915EB254EB749885CB92
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8a7d0a671c7a469419212d45ae9ddb359bd51a8b30d461e6e0b4894af7619527
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0704abdcc37bbad2e62503a625acece85e7b99c20e2ce44cfe359270eb259ee0
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a7d0a671c7a469419212d45ae9ddb359bd51a8b30d461e6e0b4894af7619527
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7371A575B002198FEB44DBB9C85866EB7A7BFC8304F248025E606EB394DE75DC828791
Memory Dump Source
• Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 270ef78772b7f32763c82b1d1fa59ca7409ea223f7d6928754ea632e31668bf5
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c96b136b73335d16f152cfdefbd62e8f11bd5e4b2e28135d86caa588c2451b18
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 270ef78772b7f32763c82b1d1fa59ca7409ea223f7d6928754ea632e31668bf5
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 67718BB0E4021ADFDB50CFA8D8857DEBBF1AF48714F148129E915EB250EB749885CF92
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e0f0f1dfe2b2ed492609c5ce392380203967cc16ca403f1a0804853f7a40ed03
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c4fc9214a0698ade5185b01c4721e7b1ef9e56f2ec78a764ead351281ca1b1b1
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e0f0f1dfe2b2ed492609c5ce392380203967cc16ca403f1a0804853f7a40ed03
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F718EB0E4021ACFDB54CFA9D88579EBBF2AF88714F148129D415EB250EB749885CF92
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0e286e3c40c597b83d24996da2bb90d8edecb080c5c2ada072594ee56bdf1ad1
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 228242a0e6b844452f2e56d89fadf127501db50fce1e5457b9a35df92a54dcb6
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e286e3c40c597b83d24996da2bb90d8edecb080c5c2ada072594ee56bdf1ad1
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A951E535B0021A9FCB55DF78D8446AEBBF6EFC5350B24813AEA54DB354DA309C82CB91
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: aca72e4ab55b90b4421aedaf4026484dbd1ccec132c96ba9a7ac8ee8d310a504
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7595db8cf3a27fac1844ef9baf4d046a1f5681644f020e286f4008367aebbc6f
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aca72e4ab55b90b4421aedaf4026484dbd1ccec132c96ba9a7ac8ee8d310a504
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C414C75B001199FCB94DFA8D89499EBBB6FF8C710B10816AE905EB320DB31DD41CB90
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c0918289476456bc533ccf7649a9659c4eba37738ca27a2822fd4c8b8eab7d50
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5880dd53b1535ef3785f00a00c082fa2e9037d670f8edd160bb8e2e4ed629707
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0918289476456bc533ccf7649a9659c4eba37738ca27a2822fd4c8b8eab7d50
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99315A30B0435A9FE794977888543BE7BE69BC9304F24446ED642EB281CE754C8583A2
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 75145762022926a3e6d2fc3d82f79dc4363af2ab47f881b143dd8523d6e7ce9c
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 005b1c307a4a04fb5f986373233f23f3bf478e6fb432b91c866a3444c77e30f8
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 75145762022926a3e6d2fc3d82f79dc4363af2ab47f881b143dd8523d6e7ce9c
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF110D32F002199BEB548A758844AAEB7DEEBCC254F148036DB06D7340DE71CD8587E1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 08c27904d81ac5aeb0da358666eeb638c5a4fbf1d562dfe20a5000b7c8c34403
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ec9631e62431a1eb9006f974d569f598d28175df3d237b344e96267cf0f8f8b3
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08c27904d81ac5aeb0da358666eeb638c5a4fbf1d562dfe20a5000b7c8c34403
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E011A335B0052A8F9BD5BB7C54202AE77E2AFC4252B104539D60ADB344EF30CE468BD6
Memory Dump Source
• Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
Memory Dump Source
• Source File: 00000008.00000002.2212008561.000000000423D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0423D000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_8_2_423d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 491569154d7bf4b99a74610f1ffa3f4b9598189f0e7fafb0ea487b60e9b9068b
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 65dca9602c00f48673b3b5b98076f0242b4d97e0f2f20a273bb415c48939d8c1
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 491569154d7bf4b99a74610f1ffa3f4b9598189f0e7fafb0ea487b60e9b9068b
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE01F7B1628305DAE7114F25E980B67BFA8DF41B25F18811AED084A282C278E842C6B1
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000002.2212008561.000000000423D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0423D000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_423d000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c2a3ddf730a106ff562b392f5e3bbb07454161a568686f3f5dcb2fa5beb9c256
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 76a5142188710822a9de66d7cecc839c0f7355ade325b59860b1fdaf76253940
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2a3ddf730a106ff562b392f5e3bbb07454161a568686f3f5dcb2fa5beb9c256
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CED05EB491220AEFCF00DFB5E94195EBFFDEB45300B2086A6E404DB210EA315E018B80
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000008.00000003.2204105356.0000000006820000.00000040.00000800.00020000.00000000.sdmp, Offset: 06820000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_3_6820000_rundll32.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 161cdc7602aadfd03ce4b7f95b37592c49f0e3b25aeb9856526e597d7834b02b
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7a7b91ff1608e15d12e0cc1e4cd8bdaad4c48f1c45e46939d376e40e2016d6b4
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 161cdc7602aadfd03ce4b7f95b37592c49f0e3b25aeb9856526e597d7834b02b
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23C04CB19541059FD700CA60D9096A67BB6EB6031BF50C17AA5058C011D7774463DA71
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: h) 4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1551543688
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7ce2f43665a99c97aff692886f36fe277ddd8824c85bb1963382043ab07585dd
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 992ebb35fa293d38384d8d3a1ede73663e81afb0adb5436d910d6d197abc19fe
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ce2f43665a99c97aff692886f36fe277ddd8824c85bb1963382043ab07585dd
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17C10722B1CA8A4FE795EB68D8A52F97BD1EF97350F0401BAE54DC7193DE2C98068341
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 36cd7d79daecdf7fc8fc741f2dec664a715928dbb7014087ed7048892dfe5bb6
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 44bab535d3b65f6c360b5ef6ed7c621d467469dd2f4c8ed43685e3465829cf2f
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36cd7d79daecdf7fc8fc741f2dec664a715928dbb7014087ed7048892dfe5bb6
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12E1D331A08A4E8FEBA8DF28C8A57E977D1FF55350F04426ED84DC7291DF79A9408B81
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 336e1af40f59fd8e463bda0eb41abd240a30f385c9f785104ccbf516f6804e64
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ad2ccbe8007e85f4c05409c028fdf67b91943a56fb44dd7e1f2b97a430657b4f
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 336e1af40f59fd8e463bda0eb41abd240a30f385c9f785104ccbf516f6804e64
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7417A72E189298FDBA9DB18C4E47E8B7B1FF59340F5042B9C50DD7285CA38AA85DF40
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 480f40060ffd4580a1f97c2ddd64f5a85a3b73f5590af4c0c923a79e194d338b
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fbdb6dcdd703c5c3c050b00fb04edf613933078cec3c2472c7bbddbcf77b6660
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 480f40060ffd4580a1f97c2ddd64f5a85a3b73f5590af4c0c923a79e194d338b
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7011AC72D09A1D4FE7A5DB2888A53F9B7B1EF46340F1440FAD15CE2192CE382A85DB00
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: P( 4$P( 4$P( 4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2890690453
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 94f39cc73e003844e52700a51a79ddd78bf4dc0e32f356d5008099e6d5036f3c
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bce6534bc35ead38bbb73561804d737b0da169422c2ab0eab7cf841618584ee6
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 94f39cc73e003844e52700a51a79ddd78bf4dc0e32f356d5008099e6d5036f3c
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7C12D22A1DBD64FE755DB28C8A66A53BE0EF57350F0801FAD599CB1F3DD1CA8069380
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2272301964.00007FFD34210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34210000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34210000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: `e 4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-3763270083
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 229269f27207e861513866328bf37e2ea1be0ad528050bfe125de26ace8b609c
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: fbe8f1d7664c87f89286d9c8e08dc927140478c20d4f0374856215c1e37105d8
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 229269f27207e861513866328bf37e2ea1be0ad528050bfe125de26ace8b609c
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5AF14720B0CA894FE759972C98AA6797BD1EF5B310B0401FED08ED76E3CD19AC42D781
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: M_^
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-3807191693
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 800ab58fe6cb33511b6b8f0e9ffac74fb90c289c3404d0f3bddcd9f5971d4d55
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2268f85dd361e3d02d024cf59bf0749c8516c2aee33dd7c23bc7aab90e82a36c
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 800ab58fe6cb33511b6b8f0e9ffac74fb90c289c3404d0f3bddcd9f5971d4d55
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ACC10A23B0EA964FE3A1677868A61F97BE0DF43361B0806FBD19DCB093D91C144A9751
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2272301964.00007FFD34210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34210000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34210000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: `> 4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2158440594
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0ad77dbd87cb3fbf86efd0ae08dba3ad30d5c76bd892b9461c911c388c637a3d
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d9e3c45f64608abd05efc1d67eb8f9d389287fe5fb76b01f4ef530231ecf86e2
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ad77dbd87cb3fbf86efd0ae08dba3ad30d5c76bd892b9461c911c388c637a3d
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB412722B0DA854FE792972D48AA5613FE1EF6B25030901FBD08AC72A3D918AC03D781
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e11c626315746a8ef5994500a11b42024f292c37b375d562255385fa72c690fc
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: dde0cf30ba4d3dabddea351329c05c710df02fea0708cb11c5df48b7590c9d20
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e11c626315746a8ef5994500a11b42024f292c37b375d562255385fa72c690fc
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 09225D71A0891D8FDBA5EB24C4A57A8B7B2FF59304F1041FDC01EE7296CE39A981CB10
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: da544e55280dfba7d23216228828de62b3a7fe6c2aca8596131aacb8fc427b13
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0665822462c845833bd4ff0c0f800f450b51ec232a1521463a8870ff05e406a6
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da544e55280dfba7d23216228828de62b3a7fe6c2aca8596131aacb8fc427b13
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4D1B631A08A8D8FEBA8DF28C8557E977D1FF55350F04426EE84DC7291DF78A9418B82
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2272301964.00007FFD34210000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34210000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34210000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0f74fc1ad83e8a3b11a8c088638042b482c4d6203504e533ade6db0bf7f7c2ab
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e4560ffcd53e2c7aa1b1720cb35b04d4fe99b376da4cb576a5522e4eccdc47d2
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0f74fc1ad83e8a3b11a8c088638042b482c4d6203504e533ade6db0bf7f7c2ab
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DBA1D331B0CB894FD755DB2C98A96747BE1EF5B710B1902FAD48ACB5A3CE19AC02C741
Memory Dump Source
• Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8f48631cf190b303c693e84955f367e441b4425a75586beea5d32fd8015992f6
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d035000845870634c838dfbad85aab3629d44aec6e4b1c66f98c21d1d857e209
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8f48631cf190b303c693e84955f367e441b4425a75586beea5d32fd8015992f6
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0C1EA75A08A5D8FDF94EF58C895BACBBF1FF69301F1041AAD00DE7261DA34A985CB40
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: dca24edeb8f0472aa5bf8b5ff05d24a28672fdc6c9be44721c15fd9cbafea307
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5e31cddf7d4a874d7f077ef37da1b2ef61d984cdf67879910c9bc6d9d4503e90
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dca24edeb8f0472aa5bf8b5ff05d24a28672fdc6c9be44721c15fd9cbafea307
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BEB1C331608A8D4FEB68DF28C8557E93BE1EF56350F04426EE84DC7292DF399945CB82
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5b27362dac6a5c84182c339eefb6ce66d0b44631bda274e93af98781bec4eced
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: aacda912512de4f288d0d2326343371268cefcb5da58a9c2446f999c811eeb2c
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b27362dac6a5c84182c339eefb6ce66d0b44631bda274e93af98781bec4eced
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FBA1F23190DA8D9FDB12DBB898656EABFF0EF1B310F0801FAD198DB1A2DA2C5445C741
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3f08423c1da1a22b43bf940a8308cdc6a8e9b3f6b0074d28411cd163d7b8f41f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ed78642ab0ff7ea7f22f1dd7226887788ad13055084235a38171429c6f499211
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f08423c1da1a22b43bf940a8308cdc6a8e9b3f6b0074d28411cd163d7b8f41f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FCA1A171D0966D8FEB65DB7888A57E8BBF0EF46341F0440F9C05DE7292CA785A86DB00
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 06c0d177bdb95ebc2fb70c52ad52442d3e9c50bacd36b0b832a02504fa9ab1fe
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e00722e2fc62ea42d8c7fe93d5f25ad4181ee47ea2021ec9d21cac8a4a3b83a9
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 06c0d177bdb95ebc2fb70c52ad52442d3e9c50bacd36b0b832a02504fa9ab1fe
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5719E31E09A5D8FDBA4DB68C8A57EDB7B0FF56340F1041BAC10DE7281DA396A85DB40
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7cd9143b9e346900d426d0e4595aabc5c5fce0cb4b01582b5763cb28a76a8091
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e45dde902e2d8c3c67339a3780fa52f8d496c2c82d67ee5bd4337b5795f855ce
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7cd9143b9e346900d426d0e4595aabc5c5fce0cb4b01582b5763cb28a76a8091
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D616231A08A4D8FDB55EFA8C4A5AFDBBF1FF5A300F1405A9D109E7291DB38A845CB50
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
Memory Dump Source
• Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9d5714d74e52a1de7dbfe484eb2153f56ddf15e38d691ab15228c65486a7d216
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e09f1e20737def32ed06ea15d64722430e29106dd5b8b0351e2e43ee5f8433bd
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d5714d74e52a1de7dbfe484eb2153f56ddf15e38d691ab15228c65486a7d216
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB51D572A0DA895FE742EB6888656EDBFF0FF57350F0501BBD058DB093DA285806C351
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9f47d351b341566b814c15cb734a3d4b823ce357715147dfa8044d36fa1db38f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e211bf224d85d4554a80ebbf4d445edcbe274a958e99d10247f5a9eb22f7dfc0
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f47d351b341566b814c15cb734a3d4b823ce357715147dfa8044d36fa1db38f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD515F70A0891D8FDBA8EB68D498BEDB7B1FB59301F1041AAD00DE3291DB7899C5DF40
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b12fa562597b6ed9f1de1c65c6e7fcb76a77bbce60295f7e298a9f43829b956e
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e8dc79525ab87f3fa7f8fea90b79ed86766f5554482445ddfc90fcaf21f36870
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b12fa562597b6ed9f1de1c65c6e7fcb76a77bbce60295f7e298a9f43829b956e
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E410971E08A5D8FDB94DB68D4A5BADBBF1FF1A300F4041A9C04DE7291CB39A981DB00
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c0f2b5ee23d4bde5507cb8e4c65db144df9bd26d3b996880c17c2cdc81a30a93
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b6644fef19da103fc7e0cc19982edd480433fa6c2bf106e9ec786a11e935dbb5
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0f2b5ee23d4bde5507cb8e4c65db144df9bd26d3b996880c17c2cdc81a30a93
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42314D31D096AA8FE799DA6080A53F8B6B0AF07340F1055BDD15AE7292CA3C9A84DF04
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9e200d77d78157de26b4cdb5285fb08397269703022070dfd9b4972acf70b8ec
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 735814a26e4d7919a31e8a88c96f319d3cf08b8af8fa8fb299897f2a2dfd71d0
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e200d77d78157de26b4cdb5285fb08397269703022070dfd9b4972acf70b8ec
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BC319231A0DB9D8FE7A5DB2884A57A9BBF1EF46340F0005FAC04DD71A2CE795985DB01
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6ef29ca2dbb0f6fd6a10c4cb66d00abd003390c9e617db07d67319d3429574fe
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f72ccb8259eb98e32689de3bb8d7632bbac1c7c81f4c4b601364d99dffd8f78b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ef29ca2dbb0f6fd6a10c4cb66d00abd003390c9e617db07d67319d3429574fe
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4A21D632B0C69D4FD712EF68A8A11EA7FA0EF46220B0402BBE548C7193CE689805C791
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
Memory Dump Source
• Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 96b3fc289fdb8aaa3b3efadf26c35f3f19b0680c881c565233e7b357a0b82418
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 90a912d636fea92b32b0e422d93077a4a260a236f9d97278b301edd93c698bb5
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 96b3fc289fdb8aaa3b3efadf26c35f3f19b0680c881c565233e7b357a0b82418
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F0114F31A09A0DCFDB54EFA8D496AE9B3A1FF46300F5545B8E01DD7282CE39A841CB00
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ef1a00f6456f650f7641c693766962d6b343098f1d9c800a6c0cec8ac429b13b
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 30ff5b541f0c406bbdcd1975e14e02a46c5eeaa5fb309a4ffc8e7d2902b103e8
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef1a00f6456f650f7641c693766962d6b343098f1d9c800a6c0cec8ac429b13b
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0611B035E0991C8FDB94EF58D4A4AECBBB0FF2A311F4011A9D00DE3281DA79A980DB00
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 21e47c4c9f44370ff1c9c514d751df00f25af4b94a5364402947336c93b762a9
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f1de40a50c0b325ecd3c92c52737ad1def1c40f0a8a7077fb01a6bc062a0f59c
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21e47c4c9f44370ff1c9c514d751df00f25af4b94a5364402947336c93b762a9
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6701D42270CD894FDB99DB2C94A1AB17BE2FF9621030901EAD40DC7297CF1CE845C741
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a01fa7d5aab02377b157293d91f889e27bd351f483182fd05938fdc7abc4653e
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ae5d40f79a17e9953df9835c4641621abda75cc6d1f4f085e2f34ea3ee856cbb
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a01fa7d5aab02377b157293d91f889e27bd351f483182fd05938fdc7abc4653e
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC11A936D0C6898BE761FF7894A51FA3B94EF16204F040576E55CC7193DE2C94558B41
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c35f802d2ed8f40eabdfbbafd67ef8e02ea106eee1d14647b17a2fbeaef27d33
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2606cc53a8f13391460da2b52aa9fada52893210b08f8e991350f3b84fd49790
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c35f802d2ed8f40eabdfbbafd67ef8e02ea106eee1d14647b17a2fbeaef27d33
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29114971E08A298FEBB6DB2488993E9B7F1AF55341F0041E9D14CD3241DA389A859B80
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0bb25ce3d3fd1c4b33b5262aa0b01ed8e22d48df824b59eafb88f644e054bf25
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: eb4c30bbdf83d56fb0b71e56dfe59695373cd9aa6d8b702b095ed3fb98e9db45
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bb25ce3d3fd1c4b33b5262aa0b01ed8e22d48df824b59eafb88f644e054bf25
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A701C470E0DA698FEBE2DB3848957A9BBF0EF0A300F0401E5D55CD3152CA3C6E829B00
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8aaecbbebf41e70aa0b11bd9bb395b5038b267fdd154fdb436d39a07298a7c51
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26b140c3eba70aca9ad9f4cf38205f2ed450b1ec67e0ca05ba39e4d598546e3b
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2F08C31D096788FE7619A3188513ECBBF0AF02301F44C0E8D049A7192C6795A86DF00
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1d7c51f9f1072c48ab1615db384bf291700474678dacdfd50fdc6c8f8d54077f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 960d0c9d84fcb43db04fd6ebb6a0d1ae48c42b184cf67c39f2ab4366a1972dc3
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d7c51f9f1072c48ab1615db384bf291700474678dacdfd50fdc6c8f8d54077f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DF08C319096788EE7618B3088A13ECBBF0AF02301F0480A8C04CA7191CA795A89DB00
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0446b8fcb055e798868ebd76f9692cafd9ca4a65b7132d72e6208d5095a42ca3
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1497d5f619c2010cb49bb06625473d2fa083d255739f7201adf30ce0032c42e2
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0446b8fcb055e798868ebd76f9692cafd9ca4a65b7132d72e6208d5095a42ca3
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7E01A30A096994FE796EB2484567A47BA1EF4A300F5005FDD01DD76A2CA3959C18B00
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3da3f1adec09c1e8d57f855fc4f7e3308fa47fd5d1ed7421cb5cbc2d283b52a4
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: acaf5ec14b53bc89af00642a515ae038b43c1b6bf2d410bb4d5676f2ad2e8099
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3da3f1adec09c1e8d57f855fc4f7e3308fa47fd5d1ed7421cb5cbc2d283b52a4
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EBD0127190EAA56FD312577454664A9BFF05F0B200B4444E8D199AB163C12DAD43D701
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e293fdaac7b9d1216326b684f6bf10191a37f4b965e78ce0370f06f23d0c13fc
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 163e22d1bcd26f980d799eb38eaf42ab9117d6063d2ec9afcb85b00e0ca17099
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e293fdaac7b9d1216326b684f6bf10191a37f4b965e78ce0370f06f23d0c13fc
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EED0126150E6D52FD742177844665967FF04F07240F5C05D8E5A49B0A3D15D58479301
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4db7e997fc44cbe5bcde5953b4116c764836bf346ba6dd5c1a6b7f147ab74357
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 84ca04b15d37bf4a68be73da311021a981681b9ccfa77b3fd99af5cceabf61a6
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4db7e997fc44cbe5bcde5953b4116c764836bf346ba6dd5c1a6b7f147ab74357
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CCA00203BDA86E019444209DB8920D8B244D7861B1BC52572EE0CC419A988E19D6228D
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: / 4$0, 4$@0 4$H. 4$h/ 4$p- 4$x, 4$M_I$M_^
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1680936526
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e95dd9ddf268ed92f48860d45d43a5b075be2d7b4121de11ca8c06611c7843f4
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c6a737cd8e12ae65ec07d3a87d546a687bb2e6591a2d5c44b6764c85c7e0648f
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e95dd9ddf268ed92f48860d45d43a5b075be2d7b4121de11ca8c06611c7843f4
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 46912C17B1E9A547E321666DFCA61FA7B80DF8327570843B7D18CDA0E79C0CA80E85D5
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: 0, 4$H. 4$`- 4$p- 4$x, 4$+ 4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-49191557
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 57b8057c0ad3ca550693738689fa7bf69334583dcdd2d75e3c112509a584254a
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9a4c8cd26a3a1cd9e2e29c5b9c71d1b7c36a43966c0c21e63ef1c74326e2ab1e
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 57b8057c0ad3ca550693738689fa7bf69334583dcdd2d75e3c112509a584254a
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE31A443A1F9C10FEB528B5898751786FE0EF53290B5981F7E184D60EBA80CED09A751
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 0000000F.00000002.2271746941.00007FFD34120000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34120000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_15_2_7ffd34120000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: X" 4$`- 4$p- 4$kM_^
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-966265108
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 469868e28a24f93242f427b2e3803651ab7713c7073899a86e359df34fb1d4e8
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e12284408312d9004856aa44bef434521704dcaf641171534baa2aa00a894ecc
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 469868e28a24f93242f427b2e3803651ab7713c7073899a86e359df34fb1d4e8
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BD21E753B1ED851FEB95C658E8B51A877D0FF93290B0842F7D248D60E7EC0CAD066341
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: )+_H
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2369920656
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 977f65c05dd86d9b8a38f8e010ac7b37fc73923ed0b72820836bea2fbcc0066b
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 22e4e685b2124c6e064f72415831557aa9b1441019ba189470beea469139b9d8
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 977f65c05dd86d9b8a38f8e010ac7b37fc73923ed0b72820836bea2fbcc0066b
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B927421B2894A4FEB94FB5C84A57F973E2FF99304F544179D01EE7286DE38A842CB41
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: ,_H
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-982124741
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7f7810a3c450941097aa1fa3a3773fa7f47cc1e95420b2ef35d29b2248214670
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c6fdbfd7090d587da9fb49a866634fb3b3f4e754ba58c2a66fce2946d13e75a0
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7f7810a3c450941097aa1fa3a3773fa7f47cc1e95420b2ef35d29b2248214670
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC52C531718E494FEB94EB1CC4A9BB577E2FF9A300F1445B9E14ED72A2DE28AC418741
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: ;+_H
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2001895812
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f57bcc38f33750d38b8d8a767221a2da06d6668c0c8d03b80680cb036824535f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 479e4a572338510d466b361d543176e0dfe680a3292df68c5456e48fb1b37aaf
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f57bcc38f33750d38b8d8a767221a2da06d6668c0c8d03b80680cb036824535f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2432173171DA4A4FEB94EB6880A66B577E2FFA6310B1441BDD05DC7286CE39F842C781
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: f19634ca2a7153b09b3b1592943deabbd61e7a319f9928c03b64000d8b94d8e4
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e433c77539ee6e3a27e99136759d4e13c80ff220ea8b3d9e95cd826d1da157eb
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f19634ca2a7153b09b3b1592943deabbd61e7a319f9928c03b64000d8b94d8e4
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5BB1E747B0EEC21AF76252ED68B21F97F94DF532B570801BBD29CD60D79C0D680A5392
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: 19_L$pG04$pG04$pG04$pG04$pT44
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-4259308484
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fc3b83b89668672434944ee316258c9d4183f2d66bb8b3ebefe99600ec6de38c
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a6b07501bccd479517661bf04dc3b9a721ed1174ce66cbfbc15ef3ac845f1e69
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc3b83b89668672434944ee316258c9d4183f2d66bb8b3ebefe99600ec6de38c
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0C527230B5890A8FEBA4EF58C4A56A973A2FF95304F604179D10DD7396DE39EC42DB80
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: 0P"4$0\"4$8c"4$PP"4$PP"4$`C"4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1114456887
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0c34f4e51f1d6ac614a3866af10b585da8aa657ff7ffb4ea08b153b4af3ff7f5
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: aafdac8935235658e36da228c6b99c8314211a391b7236db4eaaa42f147c878c
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c34f4e51f1d6ac614a3866af10b585da8aa657ff7ffb4ea08b153b4af3ff7f5
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F602F363B18D494FE7A5EBAC98B67BCB7E1FF96310F04017AD05DE3286DE2868418741
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: G34$ G34$ R44$(R44
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2829825637
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: cf085f525d0796bdd4c5cdbef0a8a819936dbdfd9ff5f093745924b795564280
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4a06ad7f425cfd87a3e84cda3b21dea3bcc4c05c70f45d830c67c95150dac0ab
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cf085f525d0796bdd4c5cdbef0a8a819936dbdfd9ff5f093745924b795564280
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2662A231B1CA4A8FE7A4EB5880956A977E1FF99700F544479E24EC3392DE38F841DB41
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: @6%4$@6%4$@6%4$@6%4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1981572398
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d68625ef92cf7e7f7e18d8ee7c1af512efbdf38f1930f13e06b81d9e32630d90
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2575674f19cd61947688da5b6537fd93fdb52c36d51a733333907bece6e7dd14
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d68625ef92cf7e7f7e18d8ee7c1af512efbdf38f1930f13e06b81d9e32630d90
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2E1E87261CF494FE7A4EB1884A56B6B7E2FF99300F50457EE09DC3396DE38A8418742
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: H$HB#4$`B#4$d
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2215983250
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6cb19b0771efe52cf15c380478258f116452433f52963e627895f078b7502328
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1cd9da63f817c356881aa5aee5e0a391716009cb2eec67a88be8bc0678cb3e95
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cb19b0771efe52cf15c380478258f116452433f52963e627895f078b7502328
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 31C12332B1CF464FE769DB1984A06757BF1EF96300B1445BED58EC329ACE29F8428781
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: 0P"4$0\"4$PP"4$PP"4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1095600445
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7b3910a9cdaa6a1dfd72283581b6d5b9736177a3c2bb6965c8098eea6464d6fd
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: bfd166fe9dd14763cf2a4194fb4c196bf22dbac97d7e918c4d95df6766ff3e50
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b3910a9cdaa6a1dfd72283581b6d5b9736177a3c2bb6965c8098eea6464d6fd
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47D1C462F18D494FE795EB9898B67BCB7F1FF9A310F1401BAD05DE3182DE2868418741
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: &K_H$8D\H$>D\H
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-3638863731
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9b703afd22213f949fdafe15f227853a8c2e1f1f69771b6c06eb0dbae47f8a55
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 411cef85ec369eb5c3ac5166c1d2f628e7fe48a199c2b9b369350f4f90034096
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9b703afd22213f949fdafe15f227853a8c2e1f1f69771b6c06eb0dbae47f8a55
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5E13763B09D4A0FEB94DB6C94E56F83BE1EF9A344F0440BAD55DD3396DE28A802C341
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: (z<4$].4$].4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1289176578
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a8f3baaa67e811203a931272edb8b67fbea2fb8302a133ac9cfbdc0993e3a88b
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 55d3107500bbc6254f85c96b2a094061733090441291c22bdd188c4aa2f8d145
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8f3baaa67e811203a931272edb8b67fbea2fb8302a133ac9cfbdc0993e3a88b
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ADC1F761B1CA4A0FFBA8AB5894A56B977D1FF96300B5541BED45DD3283DE38FC028341
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: h+34$h+34$h+34
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-3924404778
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ac17921634200d287f10014bf0964ca577cffa225049dbd592b6fe44f3d88452
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: a801362e28283c8a67ecc6d5be70ba0960b9626e503b50d1be9edd1c82073f72
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac17921634200d287f10014bf0964ca577cffa225049dbd592b6fe44f3d88452
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18B16B22B4DA890FE799A62C68A55F57BE0DF97310B1800BFD58DC72E3DC2DAC429341
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: HB#4$`B#4$d
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-476016061
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9dc27bea80a793580f59a9c9d3d7c317671bbfff1d6b61ab04471e80c43284ce
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ffd439cd9d9ecaeb3e1ddcf5b15f158bc34fac1bdead57d0e510393eebecca71
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9dc27bea80a793580f59a9c9d3d7c317671bbfff1d6b61ab04471e80c43284ce
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D6C1DE31A1CF458BE768DB09D4A1935B7F1FF9A310B24457DD18EC329ACA39F8428B81
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: h+34$h+34$h+34
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-3924404778
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 11cacb82d8d13fe0204ebf03b5ab28dc019b9e4ef28536bf70c05da09d0ecc9f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1a14d66a03df3caedfb50fda2634d1e4163c257fdd2bed5f53d501687425a982
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 11cacb82d8d13fe0204ebf03b5ab28dc019b9e4ef28536bf70c05da09d0ecc9f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2991F522B1DE890FEB99E66C44B52B937E2EF9A300B4400BED149C73D7DD2CAC469341
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: HB#4$`B#4$d
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-476016061
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 9065398993e896d148f6cc66e5aa89a51654ded893c69f868a4eae1fae04b2b0
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: dbd0559087e390df3b6beb914454fc8c6decd21182994adaa5205961cc43e119
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9065398993e896d148f6cc66e5aa89a51654ded893c69f868a4eae1fae04b2b0
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6391E231B18F098FE768DB09C491935B7F1FB99310B24467DD58EC329ACA39F8428B81
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
Strings
Memory Dump Source
• Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
Similarity
Strings
Memory Dump Source
• Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
Similarity
Strings
Memory Dump Source
• Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
Similarity
Strings
Memory Dump Source
• Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
Similarity
Strings
Memory Dump Source
• Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
Similarity
Strings
Memory Dump Source
• Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: pG04$xT44
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1771797759
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 561a655fd4b05f05cf5ad3a0133364fd25b1b4e0dad20065739a76ff91191907
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: dbc828cac8cb8b45e54fe7a7b6db24148408fceed039b0b41bc2fbbe6d4ac852
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 561a655fd4b05f05cf5ad3a0133364fd25b1b4e0dad20065739a76ff91191907
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05411831B5C90A4FE768EB6880A16F97392FF95314B6442BDC11ED7386DE39F8428781
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: @6%4$D%4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-242777091
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 146f87debe76a9dff9f89a7fc791567c33a45c68615372480a413e9808a8a275
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: db39c4a53412988b78e15566e074fe804f217ffde76bc960efe280cb6b012eac
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 146f87debe76a9dff9f89a7fc791567c33a45c68615372480a413e9808a8a275
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9D312D7292CF854FD750E7288869665B7E0EFA6314F44457ED08AD32A2DE2CE841C742
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: h+34
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1041315956
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1e93bbed2a0fce4bd143f11c826e32ee94fcc65938b5a775db87b4aaa6f67434
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d3c586ef385922cb15f0ef512e2de4af90707704432023591f57509d38b7b645
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1e93bbed2a0fce4bd143f11c826e32ee94fcc65938b5a775db87b4aaa6f67434
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D12F335B1890A4FEBA8EB5C84A47B973E2FFA9310F14407AD50DD3396DE38AC429741
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: 14
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1939092499
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 525d20e46b749ce52f5193f2f65a76fc41badc4caa391637f61995683c884fec
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ca47ba4cde3c69778b0a9b6e5a5b120382f1a552f46598d2e31e93906f48334b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 525d20e46b749ce52f5193f2f65a76fc41badc4caa391637f61995683c884fec
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99122B31B1CA498FDB95EB2CC8656EA77F1FF9A310F0401BBE05CC7192DA28A845C781
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: @6%4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1408318033
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5ab32aa57cbb9418da476e0bc984d9802dc8682c5c1167b300934b1e890787ed
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c92100afe7862a13793cc75747df6a331b41ee7f0c213524247957249e1963ed
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ab32aa57cbb9418da476e0bc984d9802dc8682c5c1167b300934b1e890787ed
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EAD12822B1CE494FEB989B2C44A53B937D2EF9A710F4441BAD54DD32CBDD2CAC428781
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: 0\"4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-852443900
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fc524245bca046d3aa194dea8f8b3b36d63c894417b31cef5efe77a31144c070
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 742d3000536ae83c220a7b7478ff5851ab13101e3bbf01ac1f64571e074ad01c
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc524245bca046d3aa194dea8f8b3b36d63c894417b31cef5efe77a31144c070
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: pC34
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-3984121244
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: fbe19e910d10c93670225a72bde23af98c12f60325b0dbe818db1b99e37b0674
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2c7b005b52b3af5cb9435cc937e7e057bbe43bcb01486940962d1e1ac0049132
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fbe19e910d10c93670225a72bde23af98c12f60325b0dbe818db1b99e37b0674
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97717031B08D5D5FEF94EB2C84A96E877E1FF69354F44017AD54DD3292DE28E8818B80
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: HB#4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2481419700
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: eba6fa65283aa5868e8bc91dc1188ff5f07f48d3ae583eea05ede3cb5b09cf57
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 11530f29b19c00ceb7cac92ef3611a77a62abcb05f7fe38d8bdef68b82a586af
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eba6fa65283aa5868e8bc91dc1188ff5f07f48d3ae583eea05ede3cb5b09cf57
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 24510232718E0A4FD7A8DB19D898A7177F0FB9A310B144679D54EC325ADA29F8838781
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: `C"4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-4005079315
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 65b2ec973e5c85a6da45a2495d270456952a5b71d2486dedda8f38cde5bacd52
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: efed7f4043ca3c95690be76fe01a2132570ee13704821069946ce03410ee7a7c
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65b2ec973e5c85a6da45a2495d270456952a5b71d2486dedda8f38cde5bacd52
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84411733B1CD2A8BE758AA5DA4651EC77D1EFDA321B44417BD249D3282DF28BC0796C0
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: Xl34
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-3153025936
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ec0319942b3e7a54a1c72d047b01fb882fa406a9500605e2b0bce4aefbba0cfd
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d9f4d9f2e4bc97cb1a41c92c59df4c897acd4ee27e15ec068f8f7efae3db9726
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec0319942b3e7a54a1c72d047b01fb882fa406a9500605e2b0bce4aefbba0cfd
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1041F23275ED894FDB94EB2C98E46A477E0EF9A314B1841EBD18DC7292CD24EC42C742
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: 4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-3650643152
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7ab1dfec5f7fd34bd7c779743b0833a3008e0ea38fe8ef818a854c34e498f3c6
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2f7001b23cfb170697163ece158bcdbdf0e63716f9f1b85ec56f47ad7dcc9d80
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7ab1dfec5f7fd34bd7c779743b0833a3008e0ea38fe8ef818a854c34e498f3c6
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DE41E422B1CD4A0FEB98EB2C94B567A33D2FF9A350B44417AE14DC3296EE1DE8424341
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: XK%4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2591407650
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7016832B1ED0D0BEB98AA2D18A11B673D2EBDD21074800BFE50DC3397DD29EC428381
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: H
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-2852464175
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c2dccdd01f5cd4cabb80e1eaeb67b94737d8661a10f9d63660948cacaf4051e6
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f9822330d5d963810bf93ba2010512e2d355496db7842a9483b8462b14542e4d
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c2dccdd01f5cd4cabb80e1eaeb67b94737d8661a10f9d63660948cacaf4051e6
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60118217B0C6A14AE262B2AEB4B20EB3B54DF8327D70D45B7D1C89D0639815148EC6E5
                                                                                                                                                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID: @6%4
                                                                                                                                                                                                                                                                                                                                                  • API String ID: 0-1408318033
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 59f9ea1ee0963b2de66808042775df2fad992eb8c4fe703fe96838e2ab95261f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: db4cdc9abb5afc3efccd84c525349d868d68ade7f1c64484719883e883d1f49e
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59f9ea1ee0963b2de66808042775df2fad992eb8c4fe703fe96838e2ab95261f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81F0B422F18E1D8EEF90EA1884E97F8B7D1EB69760F4402B4C50DD31CDDE2CAC809280
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 180e2ab0e891c8c402df03d97534c34965553832eafde737e8ea0990ceeec5b4
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3cd2eac2a46f04d9f1b9168811d383e16c0ebe43ff5cc69929aba5090a297f6a
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 180e2ab0e891c8c402df03d97534c34965553832eafde737e8ea0990ceeec5b4
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3C12E431B1CA464FE758DB1C84A663A77F1FF96741F15803DE18AC329ADE28EC029742
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 834bdff58573d9819f805bfaa34911be0a7f0a37eef67dac43c9ed768dbbee18
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d09d80d447614a64971f3cd794748c1280f1bab717afdfef950c823c61227201
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 834bdff58573d9819f805bfaa34911be0a7f0a37eef67dac43c9ed768dbbee18
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65021932B0DD494FEB99EA2C98A56B53BD1EF96310B1441FEE58DC3297DD18AC42C381
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 40f202603996b18055b160204e084efd654dd799b6ed3f40bd418d0b6a091afa
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7fbdb26fe3d8ff014f26459238654bbc527bbac6fce05d1519a26857902ebdb5
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 40f202603996b18055b160204e084efd654dd799b6ed3f40bd418d0b6a091afa
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 34E13A31B08A4D8FDFC4EF18C4A4AA977E2FFA9354F1501A9E44DD7295CA35E842CB81
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c6764bc66c2379662308c562bb5f303fdf4a1926ceb39e2a25c1e01c6b207747
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: cfd70d4dba2e86b612e57cc06e3bb5a6615e2cc33d105629307ac049dd1b77c3
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c6764bc66c2379662308c562bb5f303fdf4a1926ceb39e2a25c1e01c6b207747
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 88B15653B1DD4A0FF7A5A76C58AA2F467D1EFEA210B1841FBE05DD3297DD18AC028381
Memory Dump Source
• Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
Memory Dump Source
• Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: dc7935bb2eb97f2cac17a46b181a721d40ff107026388f1647ed678e3a048d82
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 81f696f9bc51c41d3ee3fbbf56c6b290728cc2fd5e128305252b82f8df4fe1cc
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc7935bb2eb97f2cac17a46b181a721d40ff107026388f1647ed678e3a048d82
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9381092271CD190FEAA4EB1C94A97B933D2EF96320F4601BAE54DD739ADD1DAC434381
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2f07cef7b165c4a912028ba16f7471920452359a71b69d24fd75ee29fd21f2cb
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0baa336e9aeafab32323867b2b93232160397205b7e48a6716160fdb29a42f3b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f07cef7b165c4a912028ba16f7471920452359a71b69d24fd75ee29fd21f2cb
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E891012172CA494FE798FB6D886977977E1EFAA300F5501BAD04EC72A2CD28BC008751
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 58138b7991bb2c3c219e42b5b963bed07c5e000e36421b0fcb1b3655066f79d8
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: cf89a3e0dbbd381b9dcf9436d08338cd5f504669fa0781380b10f40e64b2b3c7
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 58138b7991bb2c3c219e42b5b963bed07c5e000e36421b0fcb1b3655066f79d8
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 03913413B0DE824AF67276EC68B20FD3B94DF533B5B0845B7D29C9A0C39C0D244A57A2
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 24558ca2f45456f6fb3d077566347a9e3a8331f9c35eaa7417bc5738eb391b8d
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: f832bb2342d533855e11e4be8ad61aa2c9d01fa96c4f7a96fd14c0d38d5467ed
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 24558ca2f45456f6fb3d077566347a9e3a8331f9c35eaa7417bc5738eb391b8d
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A81F73174C9494FD7A9E72CD4A57B937E0EF4A310B5500FAE58EC73A2D928EC428782
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 42c3a5b024c1699190507a5020ef52a82452b88d763be6030eee09b3b86fe450
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 9fec15861b20b0e98789f7139530df45783883dd9a42f30d79eb26da9a08ae30
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42c3a5b024c1699190507a5020ef52a82452b88d763be6030eee09b3b86fe450
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13915B32B2DE464FE3A5972894F12B93BE0FF47310F1441BBD58AC71D2D91CA8869B91
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 42df5aa65552bb4577fad62f51f9f11176bd63893afd8bf3c7717a22a1df84ee
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1af6a7c55966d59365d0b94e6699314947ff1a253d8c687cca377b452112976a
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 42df5aa65552bb4577fad62f51f9f11176bd63893afd8bf3c7717a22a1df84ee
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06818B71E14A1D8FDB94EF98D495AECB7B1FF9A700F40417AE449E3286CB34A842CB41
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ed19ee8bf8eaceffde2ded588a9fdae7dec223741a27e6d78bad806f917990f9
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 53e46ced7e908d48ea499d717862d0697003eefa6a6d6341cc67ef7120466ec1
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed19ee8bf8eaceffde2ded588a9fdae7dec223741a27e6d78bad806f917990f9
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA7138B2A08A0A4FEB64BFAC94962E977A5FF95310B44017BD91CD7246DE38E845C780
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 21a0ca8073bcfe8ce7413462b2a77e366eb802395dd0bb9bb33ec72489803b97
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 4e574282a1e87527812937eac1160dd29cc2ce34552e8c62f3d89dcc94df1a4e
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 21a0ca8073bcfe8ce7413462b2a77e366eb802395dd0bb9bb33ec72489803b97
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3615833B0CE4A0FE7699A2C98A52B5B7D1EF96311B1401BED58EC32C6DD1DB8428780
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 08344aa20b068c4777ef74bba0a50a5537b73b4166a52ff345f30cc5ea25a513
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: e45b34b421362dd32463993962d8912d4335af3339dfa56cf85a6b00aaeab036
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08344aa20b068c4777ef74bba0a50a5537b73b4166a52ff345f30cc5ea25a513
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5D713C31B199098FDF84EF18C4A0AA977E2FFA9314F1505B9E55DD7295CA34F842CB80
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d52b03ebc94bd39dde70804a76ad2418d07bd7d9cf3e3f1f44dffe7e8d3e6b54
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b4f7b189b3bff240205e33c3b2e1f348c94411a4296a7872a7c35557773fda9d
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d52b03ebc94bd39dde70804a76ad2418d07bd7d9cf3e3f1f44dffe7e8d3e6b54
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2711470D08A5C8FDBA8DF58D885BE9BBB1FB59300F1082AAD44DE3251DB74A985CF41
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 966b0a36a747647d581d46547cfe4ba98a10306f1662c42e9a803f39adb1d3fe
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 24f60e29bcd96c39c9850155a8e13f1c56f9a25100cfcefcba7196d646e2f7c2
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 966b0a36a747647d581d46547cfe4ba98a10306f1662c42e9a803f39adb1d3fe
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26510431B1DA494FE7A8AA1D44A46F577E1EF9A310B1500BEE14DC33A7DD28EC029382
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
Memory Dump Source
• Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA512871E08A1D8FEB94DFA8C4A56EDBBB1FF59301F10007AD009E3286DB396985CB40
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4fd49edd1ffb704e97dedfd265d8669cbde8c5437c9deb81bcb267834c4221d9
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 100aa1bf08c7112b7b1ff9cef5baa9bc8c7a51bba4f70322f8c2054a053109a7
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4fd49edd1ffb704e97dedfd265d8669cbde8c5437c9deb81bcb267834c4221d9
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE41041260EEC61FE79692BC58A96B63FD1EF9B220B1901FBE18DC71A3D90D5C079341
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 31fce8163e92e0c7be46560f6b8bc63f98b1c4dcb7be730c0b68ec03aa33279e
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 16b28dcd62cd232a9399d366ec4a980a2960dae334fc2545c92b45bfc4890b3a
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 31fce8163e92e0c7be46560f6b8bc63f98b1c4dcb7be730c0b68ec03aa33279e
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2511831A199498FDFC4EF1CC4A5EA97BE1FFA9344F0400A9E45DD3292CA38E841DB81
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6da5b8eccd62ea491109388b776e7918da4b151df6de3de255a2f2d319d27949
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 952e291233d5a1a97cbde9bc2068b62b25720fc076284fe239488937ae6a77d8
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6da5b8eccd62ea491109388b776e7918da4b151df6de3de255a2f2d319d27949
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A451DAA271EAC54FE7A2973C54E96A93BE1EF57210F0805FDC08DCB2A7D9186806DB41
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 4178621e47e3ec7ccf4fe77caa2b93f0956a45bd19a7b7fedc74d035a490a0f1
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d2df8845ebcb0e2896008c977e559dfb943c09898b64554a601ffc26d0162b1c
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4178621e47e3ec7ccf4fe77caa2b93f0956a45bd19a7b7fedc74d035a490a0f1
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1512F35215E068FEBA8EB29C0A1FA573A2FF55305B60497CD44EC76D2CA79E942DB00
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 7a5c30386414ceb4b68e20b380e5e6844bb85d41b8a8d5fceb5d9bf3092bf303
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d1215460d20345488e04404dfe9e1363e59f6e00d1994b0827447c1fa5b488a0
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7a5c30386414ceb4b68e20b380e5e6844bb85d41b8a8d5fceb5d9bf3092bf303
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F641E452F1D94A0BF7A8BA5C94A61F873D1EF95300B1440BED15EE7383DD2DBC059240
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ce4c3ea54e4d5105711fcad67d734450c86c7d0f2105025da0ab2093f22c162d
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: cd82dd54f7199d372cd1aabf50026e50382bcb78acc02564a1a81d96a8703b55
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce4c3ea54e4d5105711fcad67d734450c86c7d0f2105025da0ab2093f22c162d
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C341B022B58D4A0FEF94F62980A97F563D2EF99310F5401BAD50EC7296ED2CAC425740
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 65b24263958123d6978dd33ab8e96ec96fa3e3adac39aab0e3e49dd5845ef91d
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 583fac4b2c602f405031b85f4516a24c1e737c1b806142f6290d574cf6ed4028
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65b24263958123d6978dd33ab8e96ec96fa3e3adac39aab0e3e49dd5845ef91d
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55412B73B2CD464BFB98AB1894A22F477D1EF96714F9441BEE04ED31CBDD28B8418681
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3c282840e2fdd60403d828bced92d49c21c88c211bbb135796444cd9b81f2acc
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 5208e2c42a0b00e6293a5dec6c3466cc6dda1d761ad190729f85ddf095b2ca9b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3c282840e2fdd60403d828bced92d49c21c88c211bbb135796444cd9b81f2acc
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5416C71949B894FF755AF6844A92E43FE0EF67304F4440BBC499C32A3DD386C418B51
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b1112200505ca3c0f52f306946b83598f602040bbd1bc3f33adbd00ae4d848d5
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: d099835999eb12058213e6255765bbaea8e30f6fc528fa7d0e438db7a6cc0b8b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1112200505ca3c0f52f306946b83598f602040bbd1bc3f33adbd00ae4d848d5
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A51E4B1E24D0E8EE754EBAC846A7B873B2EFD6311F5441BAC05CE7392DE251800CB91
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 8ec0189a2f118e1d7e19e4a7ca9672487ba576b5de7764249871f94f234ba4a5
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7b71ee18834a2c48146bfa672257a13cc6e63ed8be0f0f43ef7d920a8be08a9b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8ec0189a2f118e1d7e19e4a7ca9672487ba576b5de7764249871f94f234ba4a5
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF315773B18E590FFB94A62C98A93BA33E1EB99350F05057BE44DC33E5EE5C98425381
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: cd9f75139c5d49c6118f733ed3db71fe90f81b56809eaf47a5067326cea6cfbe
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1c8f62519e735df59034496fbd8ebb492ace12c368455566dcebce350fdc8128
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd9f75139c5d49c6118f733ed3db71fe90f81b56809eaf47a5067326cea6cfbe
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7416D72E18A1E8EEB94DB98D4A57FD77B1FF96311F10013AD10DE3281CA7858849B81
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 117427900796b996011bbfe9cc4289c65540c96dfabfe13dfd71a46aee0972cc
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ff11ad96402d1e2e759febe206e795b487e5a56a3dacacb6610e8bea87a10463
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 117427900796b996011bbfe9cc4289c65540c96dfabfe13dfd71a46aee0972cc
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E8412F72F14E594FEBA5DB58C8A97A9B3E1EF59700F0001F6E41DE2292CE346D828B50
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d3ef54dcf933f6b880bf0f67bbe35fda202f2b3311e4ef9ede370563c35b6fe1
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 84c41ad9482d4767c2f95661c3fc6fa48cd8087745614e76b127cbc8c7c910da
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d3ef54dcf933f6b880bf0f67bbe35fda202f2b3311e4ef9ede370563c35b6fe1
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1417F31A14E4D8FDB88EF58D8A5AE977F1FFA9311F14413AE409E3295CA35A841CB80
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: da635835837138f46ee647ea690df7419d6041dd382a00266643118b0eacd5f3
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 0601d37e7637304dc77e3638a5ebb5d3deaffc8e49c7f591da2d92af277502c2
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da635835837138f46ee647ea690df7419d6041dd382a00266643118b0eacd5f3
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9931B821B1CB544FDB64E61C98A577A77D1EF96710F0802EFE549C7293EA28BC4183C2
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 79f708563969933874e93303a7ae81352fdf8e70ba3034dcced5db9b45a56ede
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 7e9dc4a4f8f44c07c194a3c2efcc65b90d01bb2cd30b4660934537a7429feef5
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79f708563969933874e93303a7ae81352fdf8e70ba3034dcced5db9b45a56ede
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1531F72270DE8A1FEB99DA6D58A42653BF1EFE725471402FBD08DC3296DD28FC068341
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ec9ccc593a3a8faa4482274027f34d4f31164f8e953f4d8fc4a2609444a7ad5f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 835f83361d9eda4e0fbb51e252b756e7cc7b725e9b806edfcbb721f7c25d7c69
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec9ccc593a3a8faa4482274027f34d4f31164f8e953f4d8fc4a2609444a7ad5f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA317B13B0CE8A0FE7A4EA6D54A62B677E1DF9A310F14027BC14DD3183ED2CAC064741
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a30cda4f0de5bc773638fdf24be96fbe47af36cda78fd42a93ecff60ff369ecb
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: ad5c8c920ffa5987e1d8282bd456ee45df36cb2ca40dc38f2f936b1518864b36
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a30cda4f0de5bc773638fdf24be96fbe47af36cda78fd42a93ecff60ff369ecb
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B4415A31D58A4A4FE791AB6844A92E43BE1EF66300F44407BC45DD32A2DE3C68419B41
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: d285d97f2ae13fe8c658f4ca413a189a4e7f3ef89b9487c110dcbdfd73469ef6
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 20fbe392c4a5be17bc28107ebf9a4d1bfee548b30a5f7bb3d84be1f4d0c09c9b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d285d97f2ae13fe8c658f4ca413a189a4e7f3ef89b9487c110dcbdfd73469ef6
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7E31D461F58A1A4FEB94EE1884997A477E1FB65300F4040BAD05ED33A6DE3CAC42DB40
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2b91510e801757df1b70fd77d3dead559552d5f0d9919769e8e9bb6a362dc530
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 83b2902486072b2d81a8af1590364e302e2e74971fa9f236f2d810d8a9ca7996
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b91510e801757df1b70fd77d3dead559552d5f0d9919769e8e9bb6a362dc530
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58318032718E098BD768AB18C4E4AB9B3E1FF5A304F5041BDD15FC3299DE29B8429780
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 3d5a891aff1a685ea9a9afb170119e3463c4813375f7c11facf7ad98c31b7ea0
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 463c498afd625d258f17d8b873479ddc585fd5d34648dd2ab8731cd59235a194
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d5a891aff1a685ea9a9afb170119e3463c4813375f7c11facf7ad98c31b7ea0
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9315F63B1ED490BF7A4A63C18EA6F417C1DFD6314B0840FAE59CC3297DD18DC028241
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: b97700c35fa5db8fec40bd862143b61e01bfb0a7574797969d7dc581c86a6248
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 86c10e958e714cb417050a15795c4a491474865f0a119224b383a80596528824
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b97700c35fa5db8fec40bd862143b61e01bfb0a7574797969d7dc581c86a6248
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1221F623B0DD0E0FEAD8E61C64B527927E2EB99255B54017BEA4DC338DDD19EC025350
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: ddfd77788e8ae51848fe15bb929717dcfd1f50462847129ab22beb98f969c670
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c706688528d4e4bdf2698de4e5f13115cac07fa51566d688e409bdd9ad41e1cf
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ddfd77788e8ae51848fe15bb929717dcfd1f50462847129ab22beb98f969c670
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C331D912A1EE950FE796A73C58691B53BE1EF5721070900FBD489D73E3DA1DAC029391
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6e63391823fd52b27a164151a775c359a81a939c54649b29a85780492795966f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 15bfd3449e78bb0346d3f290134f62d1b3f5e3c2df0bfe23c6360f364970e548
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e63391823fd52b27a164151a775c359a81a939c54649b29a85780492795966f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A1315C72E18A1E8EEBA4DB98D4A57FDB7B1FF95311F00013AD10DE2281CB7859849B91
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0741e7ce62218619f8fe2c275f263911deffae27fce5777368c310239f11d09f
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3abcdb49bd9437c1c129478092986b527e9a3fac4feb859726b6d525722c0417
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0741e7ce62218619f8fe2c275f263911deffae27fce5777368c310239f11d09f
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EA412C71A156198FEB68DF58D8A5BE8B7B1FF59300F4141AAD40DE7391CB39A980CF10
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 15c32ce5c4f04f1514c5998e7cb7f998200635341eba01bd17b9823bf2b7e22b
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 12b7fa4a9e8c7b610a50b0439365f0ce3abc41ee0eef4e51559885969ee4acc8
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15c32ce5c4f04f1514c5998e7cb7f998200635341eba01bd17b9823bf2b7e22b
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E318131A08A5E8FDF85DF68C8997E97BF0EF5A301F05007ED549D32A6DA289841C790
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: eb5e224604112d0b177491791dd7a285670b7d516bffcf5ec8f692179b943863
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2d1e9249e0c8eb8b825315bda46204c4e62d23187f9ca7c4a303c41b1144eea1
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb5e224604112d0b177491791dd7a285670b7d516bffcf5ec8f692179b943863
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48212631B0DB490FD729AB29D8A16A5BBE0EF96310F0541BED48EC3292DE3CA845C751
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
Memory Dump Source
• Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1bbfd2811d4f8c22b754acd8db4b17ca06d836794aac7d20dc81a8598700097e
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 997f95c001bdbb379afe083cd81d4b7ad3b3cbc85f02cb78cdb314454761c307
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1bbfd2811d4f8c22b754acd8db4b17ca06d836794aac7d20dc81a8598700097e
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7311362270CF4A0FE798971C98A4A7577E0EF96324B0401BFD14CC729ADE19E8028340
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 15ccc876b3e3265dc8c46cc05e869d800262d0dd9d462b022b2c985da8efe433
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 146008012841d32f34f8dd2f450d9105725027f9ff526df5d7269d68954faa91
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15ccc876b3e3265dc8c46cc05e869d800262d0dd9d462b022b2c985da8efe433
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3821075372ED860FF751A32C88656A83BF1EFA7644B5D80FAC048D72ABD91CAC05C341
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0cd23b2b6c276cf2e0d645e74ebf0eca6bfe7869688e2af5dc90e49c958c7aab
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 54b8be9e53f38f2f3fff292b10c1167057b8111ee08e8cf061e9b2e3588dcc73
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0cd23b2b6c276cf2e0d645e74ebf0eca6bfe7869688e2af5dc90e49c958c7aab
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE117A33B1CD090FEBD5D22CA0A92BA27E2DBDA27531402BBD54DD329ADD1898434380
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 0bfbf0a957bf87fc6bdffb8f243b985d352ac383cee03fdeb0579a17b5b456a2
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 24351eb2e3ee7a136b60f879479afe75cf0fe48c5c47dda19f7d029c9f824c5c
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0bfbf0a957bf87fc6bdffb8f243b985d352ac383cee03fdeb0579a17b5b456a2
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2210772E4D94D8FEB64EB58A4652FC77B2FF5A300F01017BE109E3291CE7868418790
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 1f7ceb89b938c847754a6ae9897519ab5cba491ef303ac226ba3c74d34b23796
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 1da71593fe666bac4a086e3874e0e8711bd5e92b31a3864151f5885530c5f4fa
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f7ceb89b938c847754a6ae9897519ab5cba491ef303ac226ba3c74d34b23796
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17213213B0CD8A0FE7A4EA5D54F62FA63C1EBAA350B04013BD20DD7287ED2CA8425381
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: eff5f2286668461fcd246b796b60fc6f72722f4342b5af8c2ff8b714804b39ff
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 60ab6d3d3030559ca899e7c35c6d5105f5e1b6fe54af7dca320ee566016f7f8f
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eff5f2286668461fcd246b796b60fc6f72722f4342b5af8c2ff8b714804b39ff
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E214862A1EA898FEB11AB6888661B8BBF0EF03304F0541FBC55CD71D3DA2D56189742
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
Memory Dump Source
• Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 786dee3b06ba98c9eac87f357512dc4bfbf4e21e83a0ad7a4ae62255f500a572
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7e213f2ff8fc82af7c0b2ce6fe6976b3f2774a9ad327bf78693c264d51ba039
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6C01C493F5D94A1AEAA8AA8C34A20F573C1DB9776070101BBD55EC328BED2DAC035284
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: c67e43a7760abc4dff5320d727f54223190a1770a76d5a479db92bcf240c7e52
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 25eaab84c15d247b71174ecc5f2e0dbf3483e9f9b6d28fa7cd2326c7d8ae886b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c67e43a7760abc4dff5320d727f54223190a1770a76d5a479db92bcf240c7e52
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E721A1302149098FD7A4FF5CD4D4BA573A2FF95314F5146B8C119CB28ACA39EC82C790
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: e6f7185c851a2413c696298b40649733a89ecda35c1709f54774a0da1eef2112
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 2edb878bd349be1eaba0d142295f6ab9faac70950f7a58e74bfd009a2cecf0ad
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6f7185c851a2413c696298b40649733a89ecda35c1709f54774a0da1eef2112
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1411E333B0CD4A0FE7D4D62C54B56B467E1EB9A251B48007AD64DC378ADD1DAC418351
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 6e6a20321c6b6ac8fc5894ae4787b3e9f4dc1cba77bf6c074c099d5b4ac314ca
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: b4dc3266a41237a53ff2a9cd7669774db10be177cbda3785a4a7ce64754f64df
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6e6a20321c6b6ac8fc5894ae4787b3e9f4dc1cba77bf6c074c099d5b4ac314ca
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B11C46270DE980FD7A1DA1C88E8A653BF1EF9A210B0941F7D98DCB39BDD189C05D361
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 77e3fb64409b4c6b93333182387129a8f90db347991fc4a02fe234b2a08cde2e
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: cfc8eb1e4c121c2d1eacc1b8787c5aebaf0c58a7f96573cbcfccfd1d9339e6d3
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 77e3fb64409b4c6b93333182387129a8f90db347991fc4a02fe234b2a08cde2e
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87118631704C194FD5A4FB2D84F8A7A32D1FF9A310B51057AD14EC3392DE29AC41C781
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 30bc0d7e250c148756feec4ddadfbb13348a471475e51afd4d7723bc9dee3623
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 069c935fa515214f8433b2d8ba6d47bb71e6dfbcc47fc7d8aeee0aa7f72c13ec
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 30bc0d7e250c148756feec4ddadfbb13348a471475e51afd4d7723bc9dee3623
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BB01283164CE5C8FDF64E61EC4E4E7437D0EB2930134504EAD18ACB2A2D619FC828741
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 2fa8f9ec244dd3db0406bb83e3eb8cc1475df1ac99fb8877837b343aeae691a3
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 8269af71785bac1a1ff823f045f5495b676e96ebe60627244fef424846abbe2b
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fa8f9ec244dd3db0406bb83e3eb8cc1475df1ac99fb8877837b343aeae691a3
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1111E462A1EBC15FE7026724487A1797FB0EF13244F0944FBC199DA293D91D15189752
Memory Dump Source
• Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
Memory Dump Source
• Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: a95b7de3725acc45f645b88b199c9ab6ccc2efe6b5af5866893746742c66d4e8
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: 3890ace394d37b0985f9e9a7e3c72ff1c5483ef476b52d46c3ae233c177ac396
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a95b7de3725acc45f645b88b199c9ab6ccc2efe6b5af5866893746742c66d4e8
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72F0F6A3F5DA1A1AEA58A94834531F473C1DB96260701017BD94EC378BEC2EAC030184
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                                                                                                                                                  • Opcode ID: 5acb5310dd25dd1d9170cdbefba6c276bb7f6793c607941a927b82db9d44f656
                                                                                                                                                                                                                                                                                                                                                  • Instruction ID: c15c639f0c2dbe8ca2f740b84c3cb9f3c75112bd19225c7c6943d9fe689701b5
                                                                                                                                                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5acb5310dd25dd1d9170cdbefba6c276bb7f6793c607941a927b82db9d44f656
                                                                                                                                                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F01F931B18D0F4FEAA8EB1C80715B6B3E5FFA5300754457AD04DD328AEE28EC414741
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Similarity
Memory Dump Source
• Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd
Memory Dump Source
• Source File: 00000010.00000002.4603451955.00007FFD34340000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34340000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_16_2_7ffd34340000_AteraAgent.jbxd
                                                                                                                                                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                  • Source File: 00000010.00000002.4600158400.00007FFD34130000.00000040.00000800.00020000.00000000.sdmp, Offset: 00007FFD34130000, based on PE: false
                                                                                                                                                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                  • Snapshot File: hcaresult_16_2_7ffd34130000_AteraAgent.jbxd