Windows Analysis Report
PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Overview

General Information

Sample name:	PandoraFMS_One_Agent_Windows-lts.x86_64.exe
Analysis ID:	1543756
MD5:	850a59f9c158b9d953ee6a75f55f7f8a
SHA1:	00112195c957667f320fa4565966827a8570c168
SHA256:	324f914c6e630516c2d2565cbd0b63e33eb6dc171f26aeaadf4f920636b16dc0
Infos:

Detection

Score:	32
Range:	0 - 100
Whitelisted:	false
Confidence:	40%

Compliance

Score:	34
Range:	0 - 100

Signatures

Multi AV Scanner detection for dropped file

Disables security and backup related services

Found API chain indicative of debugger detection

Potential context-aware VBS script found (checks for environment specific values)

Uses schtasks.exe or at.exe to add and modify task schedules

Abnormal high CPU Usage

Contains functionality for read data from the clipboard

Contains functionality to dynamically determine API calls

Contains functionality to shutdown / reboot the system

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Detected potential crypto function

Dropped file seen in connection with other malware

Drops PE files

EXE planting / hijacking vulnerabilities found

Found dropped PE file which has not been started or loaded

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Stores files to the Windows start menu directory

Uses 32bit PE files

Uses code obfuscation techniques (call, push, ret)

Uses net.exe to stop services

Classification

Signatures

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Program Files\pandora_agent\util\pandora_hardening.exe

ReversingLabs: Detection: 13%

Cryptography

Source: PandoraAgent.exe, 00000008.00000002.1898706731.0000000000736000.00000002.00000001.01000000.0000000B.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_17e0a04a-e

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	EXE: schtasks.exe			Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	EXE: cmd.exe			Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	EXE: schtasks.exe			Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	EXE: cmd.exe			Jump to behavior

Uses 32bit PE files

Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Window detected: < &BackI &AgreeCancelPandoraFMS v7.0 PandoraFMS v7.0License AgreementPlease review the license terms before installing Pandora FMS Agent 7.0NG.777.1.Press Page Down to see the rest of the agreement.License and terms of use Pandora FMSReview: May 2024General contract conditionsThese general conditions of PandoraFMS (the "Conditions") regulate the terms in which Pandora FMS gives intuitu personae to the Client the use of the PandoraFMS Pandora ITSM or Pandora RC application and of the contracted components as well as the terms in which the support services and the other applicable conditions will be provided. The license of use is fully valid regardless of the services contracted and is an essential part of the contract signed between the parties together with the order or purchase order (if any) and the commercial proposal (all of them together the Contract).These Terms and Conditions are binding to the Client and all entities and persons acting on the Client's behalf or in collaboration with the Client whether they be employees associates collaborators partners suppliers or any other (hereinafter the Associates). Particularly it is understood that all references made to the Client reach and bind the Associates to whom the Client must inform of the content of these conditions and for whose compliance and non-compliance they shall be jointly and severally liable.By the simple installation or acceptance of the installation and by the simple use of the application the Client declares to have read understood and accepted all the Terms of these Conditions. It also declares that it has sufficient power of attorney to be bound by its representation.1. Ownership of PandoraFMS its components and the application documentationPandora FMS Pandora ITSM and Pandora RC are the exclusive property of Pandora FMS SLU ("Pandora FMS"); an entity that manages and coordinates its development as a collective work and that holds all the moral exploitation and remunerative rights over it also exclusively. Pandora FMS hereby grants the Client a license to use the application (the executable binaries the expressly agreed upon source codes the related components provided with the software the application programming interfaces and the other associated media) and grants the Client no rights of reproduction distribution public communication or transformation of the application beyond those strictly necessary for the use intended in the commercial offer.The application manuals and all related material including the material used for their development (in any format) are protected by the same intellectual property rights as the application itself and the current license of use extends to them. Pandora FMS hereby grants the Client no rights of reproduction public communication and distribution of these materials beyond those strictly necessary to learn how to use the application. Any transformation (including translation into any language) of the aid and development materials

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\temp	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\temp\pandora_agent_nsis.conf	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\collections	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\ref	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\help	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key\id_dsa	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key\id_dsa.pub	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key\PUT_SSH_KEYS_HERE	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\LICENSE_EN.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\LICENSE_ES.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\config.tmp.conf	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\pandora.ico	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\PandoraAgent.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\delete_at_job.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\install_service_restart.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\start_pandora_agent.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\edit_config_file.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\stop_pandora_agent.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cmp.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\curl.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\curl-ca-bundle.crt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cut.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\date.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\df.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\df_percent.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\expr.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\gawk.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\getreg.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\getsnmp.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\grep.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\grep_log.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\head.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\logevent_log4x.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ls.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\md5.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\agentname.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\autodiscover.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_agent_exec.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\AGENTX-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-EVENT-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-EXPRESSION-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-NSLOOKUP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-PING-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-SCHEDULE-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-SCRIPT-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-TRACEROUTE-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\EtherLike-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\HCNUM-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\HOST-RESOURCES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\HOST-RESOURCES-TYPES.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANA-LANGUAGE-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANA-RTPROTO-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANAifType-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\ianalist	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IF-INVERTED-STACK-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IF-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\INET-ADDRESS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IP-FORWARD-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-ICMP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-TCP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-UDP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\LM-SENSORS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\Makefile.in	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\Makefile.mib	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\makehtml.pl	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\mibfetch	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\MTA-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-AGENT-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-EXAMPLES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-EXTEND-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-MONITOR-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-SYSTEM-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NETWORK-SERVICES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\nodemap	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NOTIFICATION-LOG-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\README.mibs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RFC-1215.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RFC1155-SMI.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RFC1213-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\rfclist	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\rfcmibs.diff	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RMON-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\smistrip	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SMUX-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-COMMUNITY-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-FRAMEWORK-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-MPD-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-NOTIFICATION-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-PROXY-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-TARGET-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-USER-BASED-SM-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-USM-AES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-USM-DH-OBJECTS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-VIEW-BASED-ACM-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-CONF.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-SMI.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-TM.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\TCP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\TRANSPORT-ADDRESS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\TUNNEL-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DEMO-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DEMO-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DISKIO-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DISKIO-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DLMOD-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DLMOD-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFILTER-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFILTER-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFWACC-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFWACC-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB-OLD.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UDP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_revent.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_update.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ps.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\du_percent.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\puttygen.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\snmpget.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\sort.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tail.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tentacle_client.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tentacle_server.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tr.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\unzip.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\wc.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cpuinfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\moboinfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\diskdrives.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cdromdrives.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\videocardinfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ifaces.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\monitors.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\printers.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\software_installed.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\raminfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\userslogged.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\productkey.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\productID.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\architecture.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\domain.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\osversion.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\df_percent_used.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mem_percent_used.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\network.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\route_parser.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\omnishell_client.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_hardening.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_security_win.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_security_win.conf	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ShortElev.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\PandoraFMS_Agent.url	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\uninst.exe	Jump to behavior
Source: C:\Program Files\pandora_agent\PandoraAgent.exe	Directory created: C:\Program Files\pandora_agent\pandora_agent.log	Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\LICENSE_EN.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\LICENSE_ES.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\README.txt	Jump to behavior

Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Static PE information: certificate valid

Source:	Binary string: c:\projects\md5\Release\md5.pdb source: md5.exe.0.dr
Source:	Binary string: C:\data\buildbot-pdk-slave\pdk-grover\build\src\PerlApp\src\paperl512.pdb source: pandora_revent.exe.0.dr
Source:	Binary string: .Pdb'L source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe
Source:	Binary string: .PdB] source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Spreading

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00407F13 FindFirstFileA,FindClose,	0_2_00407F13
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_004083A8 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_004083A8
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_0040342B FindFirstFileA,	0_2_0040342B

Networking

Source: curl.exe.0.dr	String found in binary or memory: Usage: curl [options...] <url>
Source: curl.exe.0.dr	String found in binary or memory: E@Usage: curl [options...] <url>Options: (H) means HTTP/HTTPS only, (F) means FTP only --anyauth Pick "any" authentication method (H) -a, --append Append to target file when uploading (F/SFTP) --basic Use HTTP Basic Authentication (H) --cacert FILE CA certificate to verify peer against (SSL) --capath DIR CA directory to verify peer against (SSL) -E, --cert CERT[:PASSWD] Client certificate file and password (SSL) --cert-type TYPE Certificate file type (DER/PEM/ENG) (SSL) --ciphers LIST SSL ciphers to use (SSL) --compressed Request compressed response (using deflate or gzip) -K, --config FILE Specify which config file to read --connect-timeout SECONDS Maximum time allowed for connection -C, --continue-at OFFSET Resumed transfer offset -b, --cookie STRING/FILE String or file to read cookies from (H) -c, --cookie-jar FILE Write cookies to this file after operation (H) --create-dirs Create necessary local directory hierarchy --crlf Convert LF to CRLF in upload --crlfile FILE Get a CRL list in PEM format from the given file -d, --data DATA HTTP POST data (H) --data-ascii DATA HTTP POST ASCII data (H) --data-binary DATA HTTP POST binary data (H) --data-urlencode DATA HTTP POST data url encoded (H) --delegation STRING GSS-API delegation permission --digest Use HTTP Digest Authentication (H) --disable-eprt Inhibit using EPRT or LPRT (F) --disable-epsv Inhibit using EPSV (F) -D, --dump-header FILE Write the headers to this file --egd-file FILE EGD socket path for random data (SSL) --engine ENGINGE Crypto engine (SSL). "--engine list" for list -f, --fail Fail silently (no output at all) on HTTP errors (H) -F, --form CONTENT Specify HTTP multipart POST data (H) --form-string STRING Specify HTTP multipart POST data (H) --ftp-account DATA Account data string (F) --ftp-alternative-to-user COMMAND String to replace "USER [name]" (F) --ftp-create-dirs Create the remote dirs if not present (F) --ftp-method [MULTICWD/NOCWD/SINGLECWD] Control CWD usage (F) --ftp-pasv Use PASV/EPSV instead of PORT (F) -P, --ftp-port ADR Use PORT with given address instead of PASV (F) --ftp-skip-pasv-ip Skip the IP address for PASV (F)

Source: curl.exe.0.dr	String found in binary or memory: http://curl.haxx.se/P
Source: curl.exe.0.dr	String found in binary or memory: http://curl.haxx.se/docs/copyright.htmlD
Source: PandoraAgent.exe, 00000008.00000002.1898706731.0000000000736000.00000002.00000001.01000000.0000000B.sdmp, PandoraAgent.exe, 0000001B.00000000.1928109476.0000000000736000.00000002.00000001.01000000.0000000B.sdmp, curl.exe.0.dr, PandoraAgent.exe.0.dr	String found in binary or memory: http://curl.haxx.se/docs/http-cookies.html
Source: curl.exe.0.dr	String found in binary or memory: http://curl.haxx.se/docs/sslcerts.html
Source: curl.exe.0.dr	String found in binary or memory: http://curl.haxx.se/libcurl/c/curl_easy_setopt.html
Source: curl.exe.0.dr	String found in binary or memory: http://https://-.://%s%s%s/%sall
Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe, uninst.exe.0.dr	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe, uninst.exe.0.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: config.tmp.conf.0.dr, pandora_agent_nsis.conf.0.dr	String found in binary or memory: http://pandorafms.org
Source: md5.exe.0.dr	String found in binary or memory: http://www.fourmilab.ch/
Source: config.tmp.conf.0.dr, pandora_agent_nsis.conf.0.dr	String found in binary or memory: http://www.google.com
Source: INET-ADDRESS-MIB.txt.0.dr	String found in binary or memory: http://www.iana.org/
Source: IP-MIB.txt.0.dr	String found in binary or memory: http://www.iana.org/assignments/icmp-parameters
Source: IP-MIB.txt.0.dr	String found in binary or memory: http://www.iana.org/assignments/icmpv6-parameters
Source: AGENTX-MIB.txt.0.dr	String found in binary or memory: http://www.ietf.org/html.charters/agentx-charter.html
Source: TCP-MIB.txt.0.dr, IP-FORWARD-MIB.txt.0.dr	String found in binary or memory: http://www.ietf.org/html.charters/ipv6-charter.html
Source: unzip.exe.0.dr	String found in binary or memory: http://www.info-zip.org/UnZip.htmlDVarFileInfo$
Source: unzip.exe.0.dr	String found in binary or memory: http://www.info-zip.org/zip-bug.html;
Source: PandoraAgent.exe, 00000008.00000000.1897515760.000000000079D000.00000002.00000001.01000000.0000000B.sdmp, PandoraAgent.exe, 0000001B.00000002.4162596872.000000000079D000.00000002.00000001.01000000.0000000B.sdmp, PandoraAgent.exe.0.dr	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: PandoraAgent.exe, 00000008.00000000.1897515760.000000000079D000.00000002.00000001.01000000.0000000B.sdmp, PandoraAgent.exe, 0000001B.00000002.4162596872.000000000079D000.00000002.00000001.01000000.0000000B.sdmp, PandoraAgent.exe.0.dr	String found in binary or memory: http://www.openssl.org/support/faq.htmlRAND
Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe, 00000000.00000002.4162559671.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, PandoraFMS_Agent.url.0.dr	String found in binary or memory: http://www.pandorafms.com
Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe, 00000000.00000002.4163286809.0000000003963000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pandorafms.com.
Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe, 00000000.00000002.4162559671.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, LICENSE_EN.txt.0.dr, LICENSE_ES.txt.0.dr	String found in binary or memory: https://support.pandorafms.com/

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Code function: 0_2_00406EFB GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SetDlgItemTextA,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,

0_2_00406EFB

System Summary

Abnormal high CPU Usage

Source: C:\Program Files\pandora_agent\PandoraAgent.exe

Process Stats: CPU usage > 49%

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Code function: 0_2_00404167 EntryPoint,SetErrorMode,GetVersion,lstrlenA,InitCommonControls,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,DeleteFileA,DeleteFileA,GetWindowsDirectoryA,DeleteFileA,DeleteFileA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,DeleteFileA,DeleteFileA,OleUninitialize,GetCurrentProcess,ExitWindowsEx,ExitProcess,

0_2_00404167

Detected potential crypto function

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00408D2E	0_2_00408D2E
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_6E5C4710	0_2_6E5C4710
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_6E5C22B5	0_2_6E5C22B5

Dropped file seen in connection with other malware

Source: Joe Sandbox View

Dropped File: C:\Program Files\pandora_agent\util\ShortElev.exe D8CB74994754E0FE701F842651AD5EA4F54B41C0450ECFD511E2B7A8C761847E

PE file contains more sections than normal

Source: PandoraAgent.exe.0.dr	Static PE information: Number of sections : 18 > 10
Source: ShortElev.exe.0.dr	Static PE information: Number of sections : 16 > 10

Uses 32bit PE files

Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: grep_log.exe.0.dr	Static PE information: Section: .rsrc ZLIB complexity 0.9979870854591837
Source: route_parser.exe.0.dr	Static PE information: Section: .rsrc ZLIB complexity 0.9976158993089234

Source: classification engine

Classification label: sus32.evad.winEXE@39/174@0/0

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Code function: 0_2_00405A34 GetDlgItem,SetWindowTextA,SetDlgItemTextA,SetDlgItemTextA,SHAutoComplete,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,MulDiv,

0_2_00405A34

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Code function: 0_2_00402988 CoCreateInstance,MultiByteToWideChar,

0_2_00402988

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

File created: C:\Program Files\pandora_agent

Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu.lnk

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7708:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7992:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:8148:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7924:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8096:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7836:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8044:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7468:120:WilError_03

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

File created: C:\Users\user\AppData\Local\Temp\nsnBCF3.tmp

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\cmd.exe C:\Windows\SYSTEM32\cmd.exe /c ""C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat""

Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_ALIGN_1BYTES, IMAGE_SCN_ALIGN_2BYTES, IMAGE_SCN_ALIGN_4BYTES, IMAGE_SCN_ALIGN_16BYTES, IMAGE_SCN_ALIGN_32BYTES, IMAGE_SCN_ALIGN_64BYTES, IMAGE_SCN_ALIGN_256BYTES, IMAGE_SCN_ALIGN_512BYTES, IMAGE_SCN_ALIGN_1024BYTES, IMAGE_SCN_ALIGN_4096BYTES, IMAGE_SCN_ALIGN_8192BYTES, IMAGE_SCN_ALIGN_MASK, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: PandoraAgent.exe, 00000008.00000002.1898706731.0000000000736000.00000002.00000001.01000000.0000000B.sdmp, PandoraAgent.exe, 0000001B.00000000.1928109476.0000000000736000.00000002.00000001.01000000.0000000B.sdmp, PandoraAgent.exe.0.dr

Binary or memory string: SELECT Name, PathName, State FROM Win32_Service.PathName;

Source: PandoraAgent.exe	String found in binary or memory: -startinfo
Source: PandoraAgent.exe	String found in binary or memory: -StartupInfo
Source: PandoraAgent.exe	String found in binary or memory: -address
Source: PandoraAgent.exe	String found in binary or memory: -startinfo
Source: PandoraAgent.exe	String found in binary or memory: -StartupInfo
Source: PandoraAgent.exe	String found in binary or memory: -address

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

File read: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe "C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe"
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net stop pandoraFMSagent
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c PandoraAgent.exe --install
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\pandora_agent\PandoraAgent.exe PandoraAgent.exe --install
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /Create /TN pandora_agent_restart /TR "\"C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat\"" /SC DAILY /ST 00:00:00 /F /RU SYSTEM
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /Change /TN pandora_agent_restart /TR "\"C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat\""
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Program Files\pandora_agent\util\ShortElev.exe "C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Edit Config File.lnk"
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Program Files\pandora_agent\util\ShortElev.exe "C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_start.lnk"
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Program Files\pandora_agent\util\ShortElev.exe "C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_stop.lnk"
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\SYSTEM32\cmd.exe /c ""C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net stop PandoraFMSAgent
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop PandoraFMSAgent
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net start PandoraFMSAgent
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start PandoraFMSAgent
Source: unknown	Process created: C:\Program Files\pandora_agent\PandoraAgent.exe "C:\Program Files\pandora_agent\PandoraAgent.exe"
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c PandoraAgent.exe --install	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /Create /TN pandora_agent_restart /TR "\"C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat\"" /SC DAILY /ST 00:00:00 /F /RU SYSTEM	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /Change /TN pandora_agent_restart /TR "\"C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat\""	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Program Files\pandora_agent\util\ShortElev.exe "C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Edit Config File.lnk"	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Program Files\pandora_agent\util\ShortElev.exe "C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_start.lnk"	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Program Files\pandora_agent\util\ShortElev.exe "C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_stop.lnk"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net stop pandoraFMSagent	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop pandoraFMSagent	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\pandora_agent\PandoraAgent.exe PandoraAgent.exe --install	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net stop PandoraFMSAgent	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net start PandoraFMSAgent	Jump to behavior
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop PandoraFMSAgent	Jump to behavior
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start PandoraFMSAgent	Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\pandora_agent\PandoraAgent.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: cryptbase.dll	Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: Start Menu.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\README.txt
Source: Start Pandora Agent.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\Program Files\pandora_agent\scripts\start_pandora_agent.bat
Source: Stop Pandora Agent.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\Program Files\pandora_agent\scripts\stop_pandora_agent.bat
Source: Website.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\PandoraFMS_Agent.url
Source: Uninstall.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\uninst.exe
Source: Edit Config File.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\scripts\edit_config_file.bat
Source: PandoraFMS_Agent_start.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\scripts\start_pandora_agent.bat
Source: PandoraFMS_Agent_stop.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\scripts\stop_pandora_agent.bat
Source: README.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\README.txt

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: I Agree
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Install
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\temp	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\temp\pandora_agent_nsis.conf	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\collections	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\ref	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\help	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key\id_dsa	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key\id_dsa.pub	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key\PUT_SSH_KEYS_HERE	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\LICENSE_EN.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\LICENSE_ES.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\config.tmp.conf	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\pandora.ico	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\PandoraAgent.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\delete_at_job.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\install_service_restart.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\start_pandora_agent.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\edit_config_file.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\stop_pandora_agent.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cmp.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\curl.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\curl-ca-bundle.crt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cut.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\date.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\df.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\df_percent.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\expr.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\gawk.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\getreg.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\getsnmp.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\grep.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\grep_log.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\head.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\logevent_log4x.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ls.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\md5.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\agentname.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\autodiscover.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_agent_exec.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\AGENTX-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-EVENT-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-EXPRESSION-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-NSLOOKUP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-PING-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-SCHEDULE-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-SCRIPT-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-TRACEROUTE-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\EtherLike-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\HCNUM-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\HOST-RESOURCES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\HOST-RESOURCES-TYPES.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANA-LANGUAGE-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANA-RTPROTO-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANAifType-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\ianalist	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IF-INVERTED-STACK-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IF-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\INET-ADDRESS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IP-FORWARD-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-ICMP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-TCP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-UDP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\LM-SENSORS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\Makefile.in	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\Makefile.mib	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\makehtml.pl	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\mibfetch	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\MTA-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-AGENT-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-EXAMPLES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-EXTEND-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-MONITOR-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-SYSTEM-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NETWORK-SERVICES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\nodemap	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NOTIFICATION-LOG-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\README.mibs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RFC-1215.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RFC1155-SMI.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RFC1213-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\rfclist	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\rfcmibs.diff	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RMON-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\smistrip	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SMUX-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-COMMUNITY-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-FRAMEWORK-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-MPD-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-NOTIFICATION-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-PROXY-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-TARGET-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-USER-BASED-SM-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-USM-AES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-USM-DH-OBJECTS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-VIEW-BASED-ACM-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-CONF.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-SMI.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-TM.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\TCP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\TRANSPORT-ADDRESS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\TUNNEL-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DEMO-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DEMO-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DISKIO-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DISKIO-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DLMOD-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DLMOD-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFILTER-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFILTER-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFWACC-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFWACC-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB-OLD.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UDP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_revent.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_update.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ps.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\du_percent.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\puttygen.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\snmpget.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\sort.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tail.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tentacle_client.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tentacle_server.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tr.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\unzip.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\wc.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cpuinfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\moboinfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\diskdrives.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cdromdrives.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\videocardinfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ifaces.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\monitors.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\printers.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\software_installed.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\raminfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\userslogged.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\productkey.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\productID.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\architecture.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\domain.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\osversion.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\df_percent_used.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mem_percent_used.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\network.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\route_parser.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\omnishell_client.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_hardening.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_security_win.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_security_win.conf	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ShortElev.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\PandoraFMS_Agent.url	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\uninst.exe	Jump to behavior
Source: C:\Program Files\pandora_agent\PandoraAgent.exe	Directory created: C:\Program Files\pandora_agent\pandora_agent.log	Jump to behavior

Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Static PE information: certificate valid

Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Static file information: File size 62120984 > 1048576

Source:	Binary string: c:\projects\md5\Release\md5.pdb source: md5.exe.0.dr
Source:	Binary string: C:\data\buildbot-pdk-slave\pdk-grover\build\src\PerlApp\src\paperl512.pdb source: pandora_revent.exe.0.dr
Source:	Binary string: .Pdb'L source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe
Source:	Binary string: .PdB] source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Data Obfuscation

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Code function: 0_2_6E5C22B5 lstrcpyA,GlobalAlloc,GlobalFree,lstrcpyA,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GetModuleHandleA,LoadLibraryA,GetProcAddress,GetProcAddress,lstrcatA,GetProcAddress,lstrcpyA,GlobalFree,

0_2_6E5C22B5

PE file contains an invalid checksum

Source: expr.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x56b2
Source: puttygen.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x2f1b4
Source: tr.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0xdb79
Source: ls.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x1bafa
Source: cut.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x5f11
Source: head.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x14301
Source: uninst.exe.0.dr	Static PE information: real checksum: 0x3b4b43a should be: 0x40336
Source: gawk.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x3c909
Source: cmp.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x2de4
Source: md5.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0xcd6f
Source: snmpget.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x483f9
Source: sort.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x13795
Source: grep.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x1acfd
Source: wc.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x122f4
Source: date.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0xf68d
Source: tail.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x18175

PE file contains sections with non-standard names

Source: PandoraAgent.exe.0.dr	Static PE information: section name: .xdata
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /4
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /19
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /31
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /45
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /57
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /70
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /81
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /92
Source: getreg.exe.0.dr	Static PE information: section name: .xdata
Source: autodiscover.exe.0.dr	Static PE information: section name: _RDATA
Source: omnishell_client.exe.0.dr	Static PE information: section name: .xdata
Source: ShortElev.exe.0.dr	Static PE information: section name: /4
Source: ShortElev.exe.0.dr	Static PE information: section name: /14
Source: ShortElev.exe.0.dr	Static PE information: section name: /29
Source: ShortElev.exe.0.dr	Static PE information: section name: /41
Source: ShortElev.exe.0.dr	Static PE information: section name: /55
Source: ShortElev.exe.0.dr	Static PE information: section name: /67
Source: ShortElev.exe.0.dr	Static PE information: section name: /80
Source: ShortElev.exe.0.dr	Static PE information: section name: /91
Source: ShortElev.exe.0.dr	Static PE information: section name: /102

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00403141 push edx; mov dword ptr [esp], eax	0_2_00403156
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00407F4B push ebx; mov dword ptr [esp], 00434A80h	0_2_00407F68
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00407F4B push eax; mov dword ptr [esp], 00434A80h	0_2_00407FE0
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00402E4B push ebx; mov dword ptr [esp], 00413040h	0_2_00402EF6
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_0040194E push ecx; mov dword ptr [esp], eax	0_2_0040195B
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00401860 push eax; mov dword ptr [esp], ebx	0_2_0040192D
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00403164 push edi; mov dword ptr [esp], eax	0_2_00403177
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push ecx; mov dword ptr [esp], ebx	0_2_004041BB
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push ebx; mov dword ptr [esp], 0000000Bh	0_2_004041D8
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push eax; mov dword ptr [esp], 00000000h	0_2_00404263
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push edx; mov dword ptr [esp], eax	0_2_004042A0
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push eax; mov dword ptr [esp], ebx	0_2_00404382
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push eax; mov dword ptr [esp], 00440400h	0_2_004044D8
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push ecx; mov dword ptr [esp], 00431860h	0_2_0040454D
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push eax; mov dword ptr [esp], 00431860h	0_2_004045B2
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push ebx; mov dword ptr [esp], 00000002h	0_2_0040462A
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00401B06 push edx; mov dword ptr [esp], eax	0_2_00401B53
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00401B06 push edi; mov dword ptr [esp], 00412840h	0_2_00401B6A
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00402613 push ecx; mov dword ptr [esp], ebx	0_2_00402634
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405A34 push esi; mov dword ptr [esp], ebx	0_2_00405A71
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405A34 push eax; mov dword ptr [esp], 0000000Ah	0_2_00405B27
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405A34 push ecx; mov dword ptr [esp], ebx	0_2_00405BF4
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405A34 push eax; mov dword ptr [esp], ebx	0_2_00405CA8
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405A34 push ecx; mov dword ptr [esp], 00000001h	0_2_00405CCD
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405A34 push ebx; mov dword ptr [esp], 004324C0h	0_2_00405CF4
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_0040183B push ecx; mov dword ptr [esp], eax	0_2_0040184E
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_004040CC push eax; mov dword ptr [esp], 00440400h	0_2_004040DF
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_004040CC push eax; mov dword ptr [esp], 00440400h	0_2_00404101
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404DDD push eax; mov dword ptr [esp], 00000405h	0_2_00405305
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405EED push eax; mov dword ptr [esp], ebx	0_2_00406093
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405EED push ebx; mov dword ptr [esp], 0043F400h	0_2_004060AE

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\cmp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\tentacle_client.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\route_parser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\gawk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\tentacle_server.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\pandora_update.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\grep_log.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\pandora_revent.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\expr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\snmpget.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\autodiscover.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\getreg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\LangDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\tr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\wc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\cut.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\puttygen.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\omnishell_client.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\pandora_hardening.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\sort.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\date.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\PandoraAgent.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\tail.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\grep.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\unzip.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\pandora_agent_exec.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\head.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\md5.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\curl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\ShortElev.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\pandora_security_win.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\ls.exe	Jump to dropped file

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\LICENSE_EN.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\LICENSE_ES.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\README.txt	Jump to behavior

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /Create /TN pandora_agent_restart /TR "\"C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat\"" /SC DAILY /ST 00:00:00 /F /RU SYSTEM

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Pandora Agent.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stop Pandora Agent.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Website.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Uninstall.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Edit Config File.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_start.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_stop.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\README.lnk	Jump to behavior

Uses net.exe to stop services

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\net.exe net stop pandoraFMSagent

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Potential context-aware VBS script found (checks for environment specific values)

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped file: Wscript.StdOut.WriteLine "<data><![CDATA[" & mobo.manufacturer & ";" & mobo.model & ";" & mobo.OEMStringArray(0) & "]]></data>"			Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped file: Wscript.StdOut.WriteLine "<data><![CDATA[" & data.osarchitecture & "]]></data>"			Jump to dropped file

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\tentacle_client.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\route_parser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\cmp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\gawk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\tentacle_server.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\pandora_update.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\grep_log.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\expr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\pandora_revent.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\snmpget.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\autodiscover.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\getreg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\LangDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\tr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\wc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\cut.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\puttygen.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\pandora_hardening.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\omnishell_client.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\sort.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\date.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\tail.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\grep.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\unzip.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\pandora_agent_exec.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\head.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\md5.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\curl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\pandora_security_win.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\ls.exe	Jump to dropped file

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\net1.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File Volume queried: C:\Program Files FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File Volume queried: C:\Program Files FullSizeInformation			Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00407F13 FindFirstFileA,FindClose,	0_2_00407F13
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_004083A8 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_004083A8
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_0040342B FindFirstFileA,	0_2_0040342B

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

API call chain: ExitProcess graph end node

Anti Debugging

Found API chain indicative of debugger detection

Source: C:\Program Files\pandora_agent\util\ShortElev.exe

Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

0_2_6E5C22B5

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Code function: 0_2_00DB1BCC CreateControl,GetProcessHeap,GetProcessHeap,HeapAlloc,GetProcessHeap,GetProcessHeap,HeapReAlloc,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,lstrcmpiA,CreateWindowExA,SetPropA,SendMessageA,SendMessageA,SendMessageA,SetWindowLongA,GetProcessHeap,HeapFree,

0_2_00DB1BCC

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_6E5C3AB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	0_2_6E5C3AB0
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_6E5C3AAC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	0_2_6E5C3AAC
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Code function: 15_2_00401179 Sleep,Sleep,SetUnhandledExceptionFilter,_acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,_amsg_exit,_initterm,GetStartupInfoA,_initterm,exit,	15_2_00401179
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Code function: 15_2_004021C0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	15_2_004021C0
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Code function: 15_2_004021BC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	15_2_004021BC

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net stop pandoraFMSagent	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop pandoraFMSagent	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\pandora_agent\PandoraAgent.exe PandoraAgent.exe --install	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net stop PandoraFMSAgent	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net start PandoraFMSAgent	Jump to behavior
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop PandoraFMSAgent	Jump to behavior
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start PandoraFMSAgent	Jump to behavior

Language, Device and Operating System Detection

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Code function: 0_2_6E5C3A00 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_6E5C3A00

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

0_2_00404167

Lowering of HIPS / PFW / Operating System Security Settings

Disables security and backup related services

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Program Files\pandora_agent\util\pandora_hardening.exe

ReversingLabs: Detection: 13%

Cryptography

Source: PandoraAgent.exe, 00000008.00000002.1898706731.0000000000736000.00000002.00000001.01000000.0000000B.sdmp

Binary or memory string: -----BEGIN PUBLIC KEY-----

memstr_17e0a04a-e

Privilege Escalation

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	EXE: schtasks.exe			Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	EXE: cmd.exe			Jump to behavior

Compliance

EXE planting / hijacking vulnerabilities found

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	EXE: schtasks.exe			Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	EXE: cmd.exe			Jump to behavior

Uses 32bit PE files

Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\temp	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\temp\pandora_agent_nsis.conf	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\collections	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\ref	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\help	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key\id_dsa	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key\id_dsa.pub	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key\PUT_SSH_KEYS_HERE	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\LICENSE_EN.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\LICENSE_ES.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\config.tmp.conf	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\pandora.ico	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\PandoraAgent.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\delete_at_job.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\install_service_restart.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\start_pandora_agent.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\edit_config_file.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\stop_pandora_agent.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cmp.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\curl.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\curl-ca-bundle.crt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cut.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\date.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\df.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\df_percent.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\expr.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\gawk.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\getreg.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\getsnmp.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\grep.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\grep_log.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\head.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\logevent_log4x.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ls.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\md5.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\agentname.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\autodiscover.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_agent_exec.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\AGENTX-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-EVENT-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-EXPRESSION-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-NSLOOKUP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-PING-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-SCHEDULE-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-SCRIPT-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-TRACEROUTE-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\EtherLike-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\HCNUM-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\HOST-RESOURCES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\HOST-RESOURCES-TYPES.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANA-LANGUAGE-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANA-RTPROTO-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANAifType-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\ianalist	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IF-INVERTED-STACK-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IF-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\INET-ADDRESS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IP-FORWARD-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-ICMP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-TCP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-UDP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\LM-SENSORS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\Makefile.in	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\Makefile.mib	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\makehtml.pl	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\mibfetch	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\MTA-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-AGENT-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-EXAMPLES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-EXTEND-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-MONITOR-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-SYSTEM-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NETWORK-SERVICES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\nodemap	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NOTIFICATION-LOG-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\README.mibs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RFC-1215.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RFC1155-SMI.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RFC1213-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\rfclist	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\rfcmibs.diff	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RMON-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\smistrip	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SMUX-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-COMMUNITY-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-FRAMEWORK-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-MPD-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-NOTIFICATION-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-PROXY-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-TARGET-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-USER-BASED-SM-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-USM-AES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-USM-DH-OBJECTS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-VIEW-BASED-ACM-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-CONF.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-SMI.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-TM.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\TCP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\TRANSPORT-ADDRESS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\TUNNEL-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DEMO-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DEMO-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DISKIO-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DISKIO-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DLMOD-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DLMOD-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFILTER-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFILTER-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFWACC-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFWACC-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB-OLD.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UDP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_revent.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_update.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ps.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\du_percent.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\puttygen.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\snmpget.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\sort.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tail.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tentacle_client.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tentacle_server.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tr.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\unzip.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\wc.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cpuinfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\moboinfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\diskdrives.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cdromdrives.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\videocardinfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ifaces.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\monitors.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\printers.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\software_installed.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\raminfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\userslogged.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\productkey.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\productID.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\architecture.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\domain.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\osversion.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\df_percent_used.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mem_percent_used.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\network.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\route_parser.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\omnishell_client.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_hardening.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_security_win.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_security_win.conf	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ShortElev.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\PandoraFMS_Agent.url	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\uninst.exe	Jump to behavior
Source: C:\Program Files\pandora_agent\PandoraAgent.exe	Directory created: C:\Program Files\pandora_agent\pandora_agent.log	Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\LICENSE_EN.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\LICENSE_ES.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\README.txt	Jump to behavior

Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Static PE information: certificate valid

Source:	Binary string: c:\projects\md5\Release\md5.pdb source: md5.exe.0.dr
Source:	Binary string: C:\data\buildbot-pdk-slave\pdk-grover\build\src\PerlApp\src\paperl512.pdb source: pandora_revent.exe.0.dr
Source:	Binary string: .Pdb'L source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe
Source:	Binary string: .PdB] source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Spreading

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00407F13 FindFirstFileA,FindClose,	0_2_00407F13
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_004083A8 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_004083A8
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_0040342B FindFirstFileA,	0_2_0040342B

Networking

Source: curl.exe.0.dr	String found in binary or memory: Usage: curl [options...] <url>
Source: curl.exe.0.dr	String found in binary or memory: E@Usage: curl [options...] <url>Options: (H) means HTTP/HTTPS only, (F) means FTP only --anyauth Pick "any" authentication method (H) -a, --append Append to target file when uploading (F/SFTP) --basic Use HTTP Basic Authentication (H) --cacert FILE CA certificate to verify peer against (SSL) --capath DIR CA directory to verify peer against (SSL) -E, --cert CERT[:PASSWD] Client certificate file and password (SSL) --cert-type TYPE Certificate file type (DER/PEM/ENG) (SSL) --ciphers LIST SSL ciphers to use (SSL) --compressed Request compressed response (using deflate or gzip) -K, --config FILE Specify which config file to read --connect-timeout SECONDS Maximum time allowed for connection -C, --continue-at OFFSET Resumed transfer offset -b, --cookie STRING/FILE String or file to read cookies from (H) -c, --cookie-jar FILE Write cookies to this file after operation (H) --create-dirs Create necessary local directory hierarchy --crlf Convert LF to CRLF in upload --crlfile FILE Get a CRL list in PEM format from the given file -d, --data DATA HTTP POST data (H) --data-ascii DATA HTTP POST ASCII data (H) --data-binary DATA HTTP POST binary data (H) --data-urlencode DATA HTTP POST data url encoded (H) --delegation STRING GSS-API delegation permission --digest Use HTTP Digest Authentication (H) --disable-eprt Inhibit using EPRT or LPRT (F) --disable-epsv Inhibit using EPSV (F) -D, --dump-header FILE Write the headers to this file --egd-file FILE EGD socket path for random data (SSL) --engine ENGINGE Crypto engine (SSL). "--engine list" for list -f, --fail Fail silently (no output at all) on HTTP errors (H) -F, --form CONTENT Specify HTTP multipart POST data (H) --form-string STRING Specify HTTP multipart POST data (H) --ftp-account DATA Account data string (F) --ftp-alternative-to-user COMMAND String to replace "USER [name]" (F) --ftp-create-dirs Create the remote dirs if not present (F) --ftp-method [MULTICWD/NOCWD/SINGLECWD] Control CWD usage (F) --ftp-pasv Use PASV/EPSV instead of PORT (F) -P, --ftp-port ADR Use PORT with given address instead of PASV (F) --ftp-skip-pasv-ip Skip the IP address for PASV (F)

Source: curl.exe.0.dr	String found in binary or memory: http://curl.haxx.se/P
Source: curl.exe.0.dr	String found in binary or memory: http://curl.haxx.se/docs/copyright.htmlD
Source: PandoraAgent.exe, 00000008.00000002.1898706731.0000000000736000.00000002.00000001.01000000.0000000B.sdmp, PandoraAgent.exe, 0000001B.00000000.1928109476.0000000000736000.00000002.00000001.01000000.0000000B.sdmp, curl.exe.0.dr, PandoraAgent.exe.0.dr	String found in binary or memory: http://curl.haxx.se/docs/http-cookies.html
Source: curl.exe.0.dr	String found in binary or memory: http://curl.haxx.se/docs/sslcerts.html
Source: curl.exe.0.dr	String found in binary or memory: http://curl.haxx.se/libcurl/c/curl_easy_setopt.html
Source: curl.exe.0.dr	String found in binary or memory: http://https://-.://%s%s%s/%sall
Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe, uninst.exe.0.dr	String found in binary or memory: http://nsis.sf.net/NSIS_Error
Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe, uninst.exe.0.dr	String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
Source: config.tmp.conf.0.dr, pandora_agent_nsis.conf.0.dr	String found in binary or memory: http://pandorafms.org
Source: md5.exe.0.dr	String found in binary or memory: http://www.fourmilab.ch/
Source: config.tmp.conf.0.dr, pandora_agent_nsis.conf.0.dr	String found in binary or memory: http://www.google.com
Source: INET-ADDRESS-MIB.txt.0.dr	String found in binary or memory: http://www.iana.org/
Source: IP-MIB.txt.0.dr	String found in binary or memory: http://www.iana.org/assignments/icmp-parameters
Source: IP-MIB.txt.0.dr	String found in binary or memory: http://www.iana.org/assignments/icmpv6-parameters
Source: AGENTX-MIB.txt.0.dr	String found in binary or memory: http://www.ietf.org/html.charters/agentx-charter.html
Source: TCP-MIB.txt.0.dr, IP-FORWARD-MIB.txt.0.dr	String found in binary or memory: http://www.ietf.org/html.charters/ipv6-charter.html
Source: unzip.exe.0.dr	String found in binary or memory: http://www.info-zip.org/UnZip.htmlDVarFileInfo$
Source: unzip.exe.0.dr	String found in binary or memory: http://www.info-zip.org/zip-bug.html;
Source: PandoraAgent.exe, 00000008.00000000.1897515760.000000000079D000.00000002.00000001.01000000.0000000B.sdmp, PandoraAgent.exe, 0000001B.00000002.4162596872.000000000079D000.00000002.00000001.01000000.0000000B.sdmp, PandoraAgent.exe.0.dr	String found in binary or memory: http://www.openssl.org/support/faq.html
Source: PandoraAgent.exe, 00000008.00000000.1897515760.000000000079D000.00000002.00000001.01000000.0000000B.sdmp, PandoraAgent.exe, 0000001B.00000002.4162596872.000000000079D000.00000002.00000001.01000000.0000000B.sdmp, PandoraAgent.exe.0.dr	String found in binary or memory: http://www.openssl.org/support/faq.htmlRAND
Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe, 00000000.00000002.4162559671.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, PandoraFMS_Agent.url.0.dr	String found in binary or memory: http://www.pandorafms.com
Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe, 00000000.00000002.4163286809.0000000003963000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.pandorafms.com.
Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe, 00000000.00000002.4162559671.00000000007EE000.00000004.00000020.00020000.00000000.sdmp, LICENSE_EN.txt.0.dr, LICENSE_ES.txt.0.dr	String found in binary or memory: https://support.pandorafms.com/

Key, Mouse, Clipboard, Microphone and Screen Capturing

Contains functionality for read data from the clipboard

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

0_2_00406EFB

System Summary

Abnormal high CPU Usage

Source: C:\Program Files\pandora_agent\PandoraAgent.exe

Process Stats: CPU usage > 49%

Contains functionality to shutdown / reboot the system

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

0_2_00404167

Detected potential crypto function

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00408D2E	0_2_00408D2E
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_6E5C4710	0_2_6E5C4710
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_6E5C22B5	0_2_6E5C22B5

Dropped file seen in connection with other malware

Source: Joe Sandbox View

Dropped File: C:\Program Files\pandora_agent\util\ShortElev.exe D8CB74994754E0FE701F842651AD5EA4F54B41C0450ECFD511E2B7A8C761847E

PE file contains more sections than normal

Source: PandoraAgent.exe.0.dr	Static PE information: Number of sections : 18 > 10
Source: ShortElev.exe.0.dr	Static PE information: Number of sections : 16 > 10

Uses 32bit PE files

Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED

Source: grep_log.exe.0.dr	Static PE information: Section: .rsrc ZLIB complexity 0.9979870854591837
Source: route_parser.exe.0.dr	Static PE information: Section: .rsrc ZLIB complexity 0.9976158993089234

Source: classification engine

Classification label: sus32.evad.winEXE@39/174@0/0

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Code function: 0_2_00405A34 GetDlgItem,SetWindowTextA,SetDlgItemTextA,SetDlgItemTextA,SHAutoComplete,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,GetDiskFreeSpaceExA,GetDiskFreeSpaceA,MulDiv,

0_2_00405A34

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Code function: 0_2_00402988 CoCreateInstance,MultiByteToWideChar,

0_2_00402988

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

File created: C:\Program Files\pandora_agent

Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu.lnk

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7708:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7992:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \BaseNamedObjects\Local\SM0:8148:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7924:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8096:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7836:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8044:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7468:120:WilError_03

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

File created: C:\Users\user\AppData\Local\Temp\nsnBCF3.tmp

Jump to behavior

Source: unknown

Process created: C:\Windows\System32\cmd.exe C:\Windows\SYSTEM32\cmd.exe /c ""C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat""

Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Binary or memory string: SELECT Name, PathName, State FROM Win32_Service.PathName;

Source: PandoraAgent.exe	String found in binary or memory: -startinfo
Source: PandoraAgent.exe	String found in binary or memory: -StartupInfo
Source: PandoraAgent.exe	String found in binary or memory: -address
Source: PandoraAgent.exe	String found in binary or memory: -startinfo
Source: PandoraAgent.exe	String found in binary or memory: -StartupInfo
Source: PandoraAgent.exe	String found in binary or memory: -address

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

File read: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Jump to behavior

Source: unknown	Process created: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe "C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe"
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net stop pandoraFMSagent
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c PandoraAgent.exe --install
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\pandora_agent\PandoraAgent.exe PandoraAgent.exe --install
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /Create /TN pandora_agent_restart /TR "\"C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat\"" /SC DAILY /ST 00:00:00 /F /RU SYSTEM
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /Change /TN pandora_agent_restart /TR "\"C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat\""
Source: C:\Windows\SysWOW64\schtasks.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Program Files\pandora_agent\util\ShortElev.exe "C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Edit Config File.lnk"
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Program Files\pandora_agent\util\ShortElev.exe "C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_start.lnk"
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Program Files\pandora_agent\util\ShortElev.exe "C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_stop.lnk"
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Windows\System32\cmd.exe C:\Windows\SYSTEM32\cmd.exe /c ""C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat""
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net stop PandoraFMSAgent
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop PandoraFMSAgent
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net start PandoraFMSAgent
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start PandoraFMSAgent
Source: unknown	Process created: C:\Program Files\pandora_agent\PandoraAgent.exe "C:\Program Files\pandora_agent\PandoraAgent.exe"
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c PandoraAgent.exe --install	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /Create /TN pandora_agent_restart /TR "\"C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat\"" /SC DAILY /ST 00:00:00 /F /RU SYSTEM	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /Change /TN pandora_agent_restart /TR "\"C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat\""	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Program Files\pandora_agent\util\ShortElev.exe "C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Edit Config File.lnk"	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Program Files\pandora_agent\util\ShortElev.exe "C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_start.lnk"	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Program Files\pandora_agent\util\ShortElev.exe "C:\Program Files\pandora_agent\util\ShortElev.exe" "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_stop.lnk"	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net stop pandoraFMSagent	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop pandoraFMSagent	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\pandora_agent\PandoraAgent.exe PandoraAgent.exe --install	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net stop PandoraFMSAgent	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net start PandoraFMSAgent	Jump to behavior
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop PandoraFMSAgent	Jump to behavior
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start PandoraFMSAgent	Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: oleacc.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: shfolder.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: linkinfo.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: ntshrui.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Section loaded: cscapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\net1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Program Files\pandora_agent\PandoraAgent.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: taskschd.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Section loaded: xmllite.dll	Jump to behavior
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Section loaded: cmdext.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\net.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: samcli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: dsrole.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: wkscli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: logoncli.dll	Jump to behavior
Source: C:\Windows\System32\net1.exe	Section loaded: cryptbase.dll	Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32

Jump to behavior

Source: Start Menu.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\README.txt
Source: Start Pandora Agent.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\Program Files\pandora_agent\scripts\start_pandora_agent.bat
Source: Stop Pandora Agent.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\Program Files\pandora_agent\scripts\stop_pandora_agent.bat
Source: Website.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\PandoraFMS_Agent.url
Source: Uninstall.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\uninst.exe
Source: Edit Config File.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\scripts\edit_config_file.bat
Source: PandoraFMS_Agent_start.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\scripts\start_pandora_agent.bat
Source: PandoraFMS_Agent_stop.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\scripts\stop_pandora_agent.bat
Source: README.lnk.0.dr	LNK file: ..\..\..\..\..\..\Program Files\pandora_agent\README.txt

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: I Agree
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Install
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: Next >
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\temp	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\temp\pandora_agent_nsis.conf	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\collections	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\ref	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\help	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key\id_dsa	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key\id_dsa.pub	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\key\PUT_SSH_KEYS_HERE	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\LICENSE_EN.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\LICENSE_ES.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\config.tmp.conf	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\pandora.ico	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\PandoraAgent.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\README.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\delete_at_job.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\install_service_restart.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\start_pandora_agent.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\edit_config_file.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\scripts\stop_pandora_agent.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cmp.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\curl.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\curl-ca-bundle.crt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cut.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\date.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\df.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\df_percent.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\expr.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\gawk.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\getreg.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\getsnmp.bat	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\grep.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\grep_log.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\head.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\logevent_log4x.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ls.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\md5.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\agentname.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\autodiscover.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_agent_exec.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\AGENTX-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-EVENT-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-EXPRESSION-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-NSLOOKUP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-PING-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-SCHEDULE-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-SCRIPT-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\DISMAN-TRACEROUTE-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\EtherLike-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\HCNUM-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\HOST-RESOURCES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\HOST-RESOURCES-TYPES.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANA-LANGUAGE-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANA-RTPROTO-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IANAifType-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\ianalist	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IF-INVERTED-STACK-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IF-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\INET-ADDRESS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IP-FORWARD-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-ICMP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-TCP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\IPV6-UDP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\LM-SENSORS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\Makefile.in	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\Makefile.mib	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\makehtml.pl	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\mibfetch	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\MTA-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-AGENT-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-EXAMPLES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-EXTEND-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-MONITOR-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-SYSTEM-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NET-SNMP-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NETWORK-SERVICES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\nodemap	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\NOTIFICATION-LOG-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\README.mibs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RFC-1215.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RFC1155-SMI.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RFC1213-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\rfclist	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\rfcmibs.diff	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\RMON-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\smistrip	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SMUX-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-COMMUNITY-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-FRAMEWORK-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-MPD-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-NOTIFICATION-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-PROXY-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-TARGET-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-USER-BASED-SM-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-USM-AES-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-USM-DH-OBJECTS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMP-VIEW-BASED-ACM-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-CONF.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-SMI.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-TC.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\SNMPv2-TM.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\TCP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\TRANSPORT-ADDRESS-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\TUNNEL-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DEMO-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DEMO-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DISKIO-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DISKIO-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DLMOD-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-DLMOD-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFILTER-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFILTER-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFWACC-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-IPFWACC-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB-OLD.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB.inc	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mibs\UDP-MIB.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_revent.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_update.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ps.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\du_percent.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\puttygen.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\snmpget.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\sort.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tail.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tentacle_client.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tentacle_server.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\tr.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\unzip.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\wc.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cpuinfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\moboinfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\diskdrives.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\cdromdrives.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\videocardinfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ifaces.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\monitors.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\printers.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\software_installed.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\raminfo.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\userslogged.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\productkey.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\productID.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\architecture.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\domain.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\osversion.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\df_percent_used.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\mem_percent_used.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\network.vbs	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\route_parser.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\omnishell_client.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_hardening.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_security_win.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\pandora_security_win.conf	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\util\ShortElev.exe	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\PandoraFMS_Agent.url	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Directory created: C:\Program Files\pandora_agent\uninst.exe	Jump to behavior
Source: C:\Program Files\pandora_agent\PandoraAgent.exe	Directory created: C:\Program Files\pandora_agent\pandora_agent.log	Jump to behavior

Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Static PE information: certificate valid

Source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Static file information: File size 62120984 > 1048576

Source:	Binary string: c:\projects\md5\Release\md5.pdb source: md5.exe.0.dr
Source:	Binary string: C:\data\buildbot-pdk-slave\pdk-grover\build\src\PerlApp\src\paperl512.pdb source: pandora_revent.exe.0.dr
Source:	Binary string: .Pdb'L source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe
Source:	Binary string: .PdB] source: PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Data Obfuscation

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

0_2_6E5C22B5

PE file contains an invalid checksum

Source: expr.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x56b2
Source: puttygen.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x2f1b4
Source: tr.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0xdb79
Source: ls.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x1bafa
Source: cut.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x5f11
Source: head.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x14301
Source: uninst.exe.0.dr	Static PE information: real checksum: 0x3b4b43a should be: 0x40336
Source: gawk.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x3c909
Source: cmp.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x2de4
Source: md5.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0xcd6f
Source: snmpget.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x483f9
Source: sort.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x13795
Source: grep.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x1acfd
Source: wc.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x122f4
Source: date.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0xf68d
Source: tail.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x18175

PE file contains sections with non-standard names

Source: PandoraAgent.exe.0.dr	Static PE information: section name: .xdata
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /4
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /19
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /31
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /45
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /57
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /70
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /81
Source: PandoraAgent.exe.0.dr	Static PE information: section name: /92
Source: getreg.exe.0.dr	Static PE information: section name: .xdata
Source: autodiscover.exe.0.dr	Static PE information: section name: _RDATA
Source: omnishell_client.exe.0.dr	Static PE information: section name: .xdata
Source: ShortElev.exe.0.dr	Static PE information: section name: /4
Source: ShortElev.exe.0.dr	Static PE information: section name: /14
Source: ShortElev.exe.0.dr	Static PE information: section name: /29
Source: ShortElev.exe.0.dr	Static PE information: section name: /41
Source: ShortElev.exe.0.dr	Static PE information: section name: /55
Source: ShortElev.exe.0.dr	Static PE information: section name: /67
Source: ShortElev.exe.0.dr	Static PE information: section name: /80
Source: ShortElev.exe.0.dr	Static PE information: section name: /91
Source: ShortElev.exe.0.dr	Static PE information: section name: /102

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00403141 push edx; mov dword ptr [esp], eax	0_2_00403156
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00407F4B push ebx; mov dword ptr [esp], 00434A80h	0_2_00407F68
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00407F4B push eax; mov dword ptr [esp], 00434A80h	0_2_00407FE0
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00402E4B push ebx; mov dword ptr [esp], 00413040h	0_2_00402EF6
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_0040194E push ecx; mov dword ptr [esp], eax	0_2_0040195B
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00401860 push eax; mov dword ptr [esp], ebx	0_2_0040192D
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00403164 push edi; mov dword ptr [esp], eax	0_2_00403177
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push ecx; mov dword ptr [esp], ebx	0_2_004041BB
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push ebx; mov dword ptr [esp], 0000000Bh	0_2_004041D8
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push eax; mov dword ptr [esp], 00000000h	0_2_00404263
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push edx; mov dword ptr [esp], eax	0_2_004042A0
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push eax; mov dword ptr [esp], ebx	0_2_00404382
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push eax; mov dword ptr [esp], 00440400h	0_2_004044D8
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push ecx; mov dword ptr [esp], 00431860h	0_2_0040454D
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push eax; mov dword ptr [esp], 00431860h	0_2_004045B2
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404167 push ebx; mov dword ptr [esp], 00000002h	0_2_0040462A
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00401B06 push edx; mov dword ptr [esp], eax	0_2_00401B53
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00401B06 push edi; mov dword ptr [esp], 00412840h	0_2_00401B6A
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00402613 push ecx; mov dword ptr [esp], ebx	0_2_00402634
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405A34 push esi; mov dword ptr [esp], ebx	0_2_00405A71
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405A34 push eax; mov dword ptr [esp], 0000000Ah	0_2_00405B27
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405A34 push ecx; mov dword ptr [esp], ebx	0_2_00405BF4
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405A34 push eax; mov dword ptr [esp], ebx	0_2_00405CA8
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405A34 push ecx; mov dword ptr [esp], 00000001h	0_2_00405CCD
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405A34 push ebx; mov dword ptr [esp], 004324C0h	0_2_00405CF4
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_0040183B push ecx; mov dword ptr [esp], eax	0_2_0040184E
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_004040CC push eax; mov dword ptr [esp], 00440400h	0_2_004040DF
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_004040CC push eax; mov dword ptr [esp], 00440400h	0_2_00404101
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00404DDD push eax; mov dword ptr [esp], 00000405h	0_2_00405305
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405EED push eax; mov dword ptr [esp], ebx	0_2_00406093
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00405EED push ebx; mov dword ptr [esp], 0043F400h	0_2_004060AE

Persistence and Installation Behavior

Drops PE files

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\cmp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\tentacle_client.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\route_parser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\gawk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\tentacle_server.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\pandora_update.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\grep_log.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\pandora_revent.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\expr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\snmpget.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\autodiscover.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\getreg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\LangDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\tr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\wc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\cut.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\puttygen.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\omnishell_client.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\pandora_hardening.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\sort.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\date.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\PandoraAgent.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\tail.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\grep.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\unzip.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\pandora_agent_exec.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\head.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\md5.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\curl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\ShortElev.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\pandora_security_win.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\util\ls.exe	Jump to dropped file

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\LICENSE_EN.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\LICENSE_ES.txt	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Program Files\pandora_agent\README.txt	Jump to behavior

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Stores files to the Windows start menu directory

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Pandora Agent.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stop Pandora Agent.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Website.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Uninstall.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Edit Config File.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_start.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_stop.lnk	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File created: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\README.lnk	Jump to behavior

Uses net.exe to stop services

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\net.exe net stop pandoraFMSagent

Hooking and other Techniques for Hiding and Protection

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\conhost.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Potential context-aware VBS script found (checks for environment specific values)

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped file: Wscript.StdOut.WriteLine "<data><![CDATA[" & mobo.manufacturer & ";" & mobo.model & ";" & mobo.OEMStringArray(0) & "]]></data>"			Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped file: Wscript.StdOut.WriteLine "<data><![CDATA[" & data.osarchitecture & "]]></data>"			Jump to dropped file

Found dropped PE file which has not been started or loaded

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\tentacle_client.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\route_parser.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\cmp.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\gawk.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\uninst.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\tentacle_server.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\pandora_update.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\grep_log.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\expr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\pandora_revent.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\snmpget.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\autodiscover.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\getreg.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\nsDialogs.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\LangDLL.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\tr.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\wc.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\cut.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\System.dll	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\puttygen.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\pandora_hardening.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\omnishell_client.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\sort.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\date.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\tail.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\grep.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\unzip.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\pandora_agent_exec.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\head.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\md5.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\curl.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\pandora_security_win.exe	Jump to dropped file
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Dropped PE file which has not been started: C:\Program Files\pandora_agent\util\ls.exe	Jump to dropped file

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\net1.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File Volume queried: C:\Program Files FullSizeInformation			Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	File Volume queried: C:\Program Files FullSizeInformation			Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_00407F13 FindFirstFileA,FindClose,	0_2_00407F13
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_004083A8 DeleteFileA,DeleteFileA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,	0_2_004083A8
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_0040342B FindFirstFileA,	0_2_0040342B

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

API call chain: ExitProcess graph end node

Anti Debugging

Found API chain indicative of debugger detection

Source: C:\Program Files\pandora_agent\util\ShortElev.exe

Debugger detection routine: QueryPerformanceCounter, DebugActiveProcess, DecisionNodes, ExitProcess or Sleep

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

0_2_6E5C22B5

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

0_2_00DB1BCC

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_6E5C3AB0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	0_2_6E5C3AB0
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Code function: 0_2_6E5C3AAC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	0_2_6E5C3AAC
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Code function: 15_2_00401179 Sleep,Sleep,SetUnhandledExceptionFilter,_acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,_amsg_exit,_initterm,GetStartupInfoA,_initterm,exit,	15_2_00401179
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Code function: 15_2_004021C0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	15_2_004021C0
Source: C:\Program Files\pandora_agent\util\ShortElev.exe	Code function: 15_2_004021BC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	15_2_004021BC

HIPS / PFW / Operating System Protection Evasion

Creates a process in suspended mode (likely to inject code)

Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\net.exe net stop pandoraFMSagent	Jump to behavior
Source: C:\Windows\SysWOW64\net.exe	Process created: C:\Windows\SysWOW64\net1.exe C:\Windows\system32\net1 stop pandoraFMSagent	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Program Files\pandora_agent\PandoraAgent.exe PandoraAgent.exe --install	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net stop PandoraFMSAgent	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\net.exe net start PandoraFMSAgent	Jump to behavior
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 stop PandoraFMSAgent	Jump to behavior
Source: C:\Windows\System32\net.exe	Process created: C:\Windows\System32\net1.exe C:\Windows\system32\net1 start PandoraFMSAgent	Jump to behavior

Language, Device and Operating System Detection

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Code function: 0_2_6E5C3A00 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

0_2_6E5C3A00

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe

0_2_00404167

Lowering of HIPS / PFW / Operating System Security Settings

Disables security and backup related services

Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior
Source: C:\Users\user\Desktop\PandoraFMS_One_Agent_Windows-lts.x86_64.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /c net stop pandoraFMSagent	Jump to behavior

ID:	1543756
Product:	CloudBasic
Start time:	11:37:59
Start date:	28.10.2024
Sample:	PandoraFMS_One_Agent_Windows-lts.x86_64.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	850a59f9c158b9d953ee6a75f55f7f8a
SHA1:	00112195c957667f320fa4565966827a8570c168
SHA256:	324f914c6e630516c2d2565cbd0b63e33eb6dc171f26aeaadf4f920636b16dc0
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Program Files\pandora_agent\LICENSE_EN.txt	Non-ISO extended-ASCII text, with very long lines (1785), with CRLF line terminators	5D08FE845FD78A8E0C2A29A2EB6882B7	5F78F8DDD2D7C34ECF43722E3F419C7A736EA988	748DAA8531D8546A84DC62A00145400E0A0117EA7218C56C0DA5E6052FDEEDC1
C:\Program Files\pandora_agent\LICENSE_ES.txt	ISO-8859 text, with very long lines (1875), with CRLF line terminators	8AFB4BCEAC29C741EAAFE8501FD6674E	12DA7F60B1DC0601EAB1686BD06385C1D4B93EB4	F9872441254A9A50AF3613B0BFC730797416F89FE35E2751482DA7F985A5986E
C:\Program Files\pandora_agent\PandoraAgent.exe	PE32+ executable (console) x86-64, for MS Windows	D885123606524EA6542E5AC351FB3529	4A227CD193A6C9E52DD45CEE88E882392536D1B2	60D2F3629D5AAF94895FC7190D82E054EB8C434A5B0E0C0C5F0DD32CFEBBD413
C:\Program Files\pandora_agent\PandoraFMS_Agent.url	MS Windows 95 Internet shortcut text (URL=<http://www.pandorafms.com>), ASCII text, with CRLF line terminators	122B5BED58055866A70C579A063F7DB7	471DB72AD3631191C4A1FAE84A549BACA2869946	FF186D9000AAE2A5C32EBFF00BEBEB8561BC45A3AEC98E8E2ACEAF1B9C3772CF
C:\Program Files\pandora_agent\README.txt	ASCII text, with very long lines (556), with CRLF, LF line terminators	D87FEC777F849B7CECDDA2A243091AB9	F44691748EEB72915CF9BC48903C8BBC3F3F38C5	F61A2C07D84F668B577DC61B0DADE1D11FF1E6352D2831BD084FD24188143CC8
C:\Program Files\pandora_agent\config.tmp.conf	C source, Unicode text, UTF-8 text	77C7E1A77B5BA039E8614913219CFE35	EB7C8D479ED77D6CC6E5A8B6822D7DC8F7146B8B	16FF3398E8AB258ED8D4C68D424029FD208B9B26636133FEFBCAA9BBC46AA0CB
C:\Program Files\pandora_agent\key\id_dsa	PEM DSA private key	A440B1209E716B8459F3DBC149CEEE84	F4334C049829845076E20881D51A3DC06BEA5736	C70AA13AE0FF89BD5299EA1E29743A525E4ED94BEB34963D7CEAE06C35FBAEDE
C:\Program Files\pandora_agent\key\id_dsa.pub	OpenSSH DSA public key	BAB6678DF71AF38522D1EDBB6A2378CF	8EC2C526483BB2DD8CD61F2E11FF43DA4800FEEC	E0E8C684D8BEC7B5922D3A70DF615FAA1034B2F4A559C5AB838065D56F137454
C:\Program Files\pandora_agent\pandora.ico	MS Windows icon resource - 1 icon, -62x-63, 32 bits/pixel	85D847A303A902597C10499B564309E6	95FBA86DCCA8A12E1E62FF35DDF5C070729EF165	0DDD6C3227F03A0468C7827D7FE31A57C88912E68FFFEC43663D49B3BDC7161A
C:\Program Files\pandora_agent\pandora_agent.log	ASCII text, with CRLF line terminators	90BF5F549941BDFA86FC681EFAA7A5A5	47EA99919D2CE871B3D3A25464BDAA4811B6C705	DEC8109576774FA56B25A90BDEEDAB8D13AF5AB2EF6699DE7719DC7AF979504D
C:\Program Files\pandora_agent\scripts\delete_at_job.bat	ASCII text	D6F8FD64C1C88BA05E44E2ADE2023DDF	9F498E3EF71A445B931B7B850B86AE09DAC69819	87ED7D01804E4567EDE299F9446005CCA5BBD198DD42CC08E913307935D4DCDE
C:\Program Files\pandora_agent\scripts\edit_config_file.bat	ASCII text, with CRLF line terminators	243807D40129ADEDE071D14B06563C78	B6262527832AA4C9AD99242DC2C2B4D6DD9B11A9	9BBF07AB1790772F53E71148713AB582725D28FCBA65138F3279EB557DFF5FA2
C:\Program Files\pandora_agent\scripts\install_service_restart.bat	ASCII text	F34B84C10D7720C198453819F8496ED7	3F7F3DCE7A3AE77B6216E3438CB17861D290488F	3BBB79C33EDAE0419C6A28A412E085C3BC09B7AACA57A5DA848ABA22BAEFF1DF
C:\Program Files\pandora_agent\scripts\restart_pandora_agent.bat	ASCII text	0F0529A8B75A1F4C69953A54BF877DBC	319C861AB205B99E5A9FBC444B2A49D517D1EA5F	1385B0D9463BE450C515C37117C1FDE69E3EAEDE7303F6A890A746A5C4DDA4FB
C:\Program Files\pandora_agent\scripts\start_pandora_agent.bat	ASCII text, with no line terminators	9EF4B7B9606F25304F8E79D872467B95	36DC45F0FE5E507001BC853634AA3E11AE10B19E	8AA892FD16C9A2B74DEB858332C208321D5A4FD685AAE0752D1543A038FF895F
C:\Program Files\pandora_agent\scripts\stop_pandora_agent.bat	ASCII text, with no line terminators	8F2979326EBA715FB8755ABD431E3CB8	C85ECF769C5F88C12A74D94FA2FF811602C37638	5A108C7E7E92681E2FE9896D15D7CEC5F5FF80FD066D71D22389AB2BDF531C25
C:\Program Files\pandora_agent\temp\pandora_agent_nsis.conf	C source, Unicode text, UTF-8 text	6408A659A532A04C95DAA74DBC265CC6	FD6ED40F3161B2E120D224DED68F27ED7174FC42	2C19E9BC896D8ABF9F99EBFFFDD943B9DDFA4267F3D45C6A18D88CC5C07266BD
C:\Program Files\pandora_agent\uninst.exe	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, Nullsoft Installer self-extracting archive	F8D684076FEC4F11E669E1703F8B0594	6F4906C82885A87682F19B59870BB6B9C7F75105	0A90011466A029E070A26A4D5DED7DB70D82032B5F5E67B46AFC82035B64A117
C:\Program Files\pandora_agent\util\ShortElev.exe	PE32 executable (console) Intel 80386, for MS Windows	0137DF9F792F635269E6FFF74F238C95	160E1A74D9AA7527950E78F55AA2781F254E3A0D	D8CB74994754E0FE701F842651AD5EA4F54B41C0450ECFD511E2B7A8C761847E
C:\Program Files\pandora_agent\util\agentname.vbs	ASCII text, with CRLF line terminators	DE44AD7D6FBF39526F68AF40E9ECD4A7	8A4F4981ED33C64F33568942603405575631658C	A7C65773E82FF00050C82FA2A533F2766F36580E252E667A96F6D7EF7000E0B0
C:\Program Files\pandora_agent\util\architecture.vbs	ASCII text, with CRLF line terminators	AEBD70C47BCEDD3C82D139EFD3417AED	74D38B51B0C7735435B074D6B243D9A68DD7E4C5	B0EE089647DDEF0B8FF8E31242AD70F69348B0F0F64DA6C8677DD9825F633FA9
C:\Program Files\pandora_agent\util\autodiscover.exe	PE32+ executable (console) x86-64, for MS Windows	B78E6406E3C0DA278DB5BCED101601EA	91FA0194585EC6B89D1C55B8CF7582518C852F4D	748A486B9C21B2EEC81BC6B4CBFC95BBF632F31A5F9D1C60847A5CB05A01AE00
C:\Program Files\pandora_agent\util\cdromdrives.vbs	ASCII text, with CRLF line terminators	7C454F085648F76838D1A9002AB7C5EA	5591D61EA5ACBA733EC2F18FF81456B515387919	E20CA1639B50492EC6B84ACDB36BD396F9B11A63D0AE6DDAC3DFB99CDDA24F83
C:\Program Files\pandora_agent\util\cmp.exe	PE32 executable (console) Intel 80386, for MS Windows	DAA576E1978EADB12553E248153B75C6	A459ADCD4731222FFE69CF58614B60B2F1D6E960	D9D3E81879F07A958218D9EC371198246E2A77A21854CDAC850E093148E2E05D
C:\Program Files\pandora_agent\util\cpuinfo.vbs	ASCII text, with CRLF line terminators	FA325AB5682E3CAE8E9347829969F91D	6A8FE0D684824804F0B024BDE8ADF748FAC3DD14	F3AA1F52D0D61F4DB162B906F7E97E54A998ACBE7A9543A5F30EE319FBEA3E4E
C:\Program Files\pandora_agent\util\curl-ca-bundle.crt	ASCII text	3231FBCBBB54C2963DC37F7224F127FF	5F128B187304334D2C3100D920E74B14D0922B9B	0D98A1A961AAB523C9DC547E315E1D79E887DEA575426FF03567E455FC0B66B4
C:\Program Files\pandora_agent\util\curl.exe	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows	1AE73C7377B325580C275199448F56B6	E346D821A2A7BC22A5CAAD3D8E01559805758BD5	D2694B2365B5DAB4EA938A573908B40BB205E87613747AA6A24C55E738B2CD77
C:\Program Files\pandora_agent\util\cut.exe	PE32 executable (console) Intel 80386, for MS Windows	E9757F1678ECE31C59997C073A6527A2	27A3B82BD79DBC9F537F9714C7E9E696458B8C50	D6A826157AF7F290ECCF6F3A35AE7719D959114E76543233E629F2157B1BBD55
C:\Program Files\pandora_agent\util\date.exe	PE32 executable (console) Intel 80386, for MS Windows	5E978EC5F615396EAA1B14334197B68E	B1EB6C03404A135DB5F5E67AB972BD5E6EE9B458	5B399B89AD901437FAF4BE061DABC2A3F70C6973316A536D4245604BEC394B54
C:\Program Files\pandora_agent\util\df.vbs	ASCII text, with CRLF, LF line terminators	30CD38DA7EF5D8E165D743033950F1BB	254D2646884FC83862436A2D96409D727267A6AD	A3A2DF6A88DB186A1CF4AAB940DA77A0BF6AEF546B8D703F8ABEE30BEB5042F6
C:\Program Files\pandora_agent\util\df_percent.vbs	ASCII text, with CRLF line terminators	274690D1001D718FB7C4A30F3254AAD5	4E5A81EBB21BA5DD6CA68C3F727638C0892498B5	F91A0A6980B2D8CE3F5C7A91800E73F158424CB7BA2F95E817FF6C1914750F7A
C:\Program Files\pandora_agent\util\df_percent_used.vbs	ASCII text, with CRLF line terminators	A008CA020CB746D2E21B6B56CEBF96EE	FFB6EC8FF2CAE4CE461DAD4C70074A49AE6177A8	EED11686252730687CF953C3CEDA36CF8FA1B1CDB5B49E0236AD290AA5AAC223
C:\Program Files\pandora_agent\util\diskdrives.vbs	ASCII text, with CRLF line terminators	15C8101385C66FC3802E6813CF3DC423	513BA9EB9F012882FD4D7830CA4D1FDA4E2A1872	8EEE5FB45BFAAC2989F4D3E699B55AB979777E45C9F9E976DE5CC000907C5909
C:\Program Files\pandora_agent\util\domain.vbs	ASCII text, with CRLF line terminators	FC5E90EB8E621E54BFD7132688712092	6786BD62C0DA23E5F1F8656F55E328AB3B70A6CE	6C26CBEC48E95EAF5BD33F33B7A5A0AD776B9D3BB90BE5F8D8287EBC4299127E
C:\Program Files\pandora_agent\util\du_percent.vbs	ASCII text, with CRLF line terminators	911A706AA3841C19A99E77F19B5DA946	ADA752DF2F0F9070C0B15C729F17B614EC45D17C	975051E41D150DFAD000B9E49DB2C13C5756789881A4512F6C649E1B532829E4
C:\Program Files\pandora_agent\util\expr.exe	PE32 executable (console) Intel 80386, for MS Windows	8C538C7548AFB81E8F0372F54740D9CF	2E925ED029FEC55BBDF13B40B3F7301CEFF76556	C412FD2EF78EFAE5F2612D8329B46C8ED4805FB73E5B22E2066D203520F726F5
C:\Program Files\pandora_agent\util\gawk.exe	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows	3436EAB6988E8A911895122ED1862836	93F464CB986A95FBF7E5C96CC484593BBFEB3D07	C8AF969F2A9A9F05D22AD9373F019D6C3137BA2F2DB4DF25C1B6EFC98756C77E
C:\Program Files\pandora_agent\util\getreg.exe	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows	2D86FBBAFD56007EFA078D5D5306F91A	CB8936AA26076E00421B3E27DD8537C13A267719	0FA7D4683BA5C3A04B06952756097A8FF223656F488867AAE039038766831560
C:\Program Files\pandora_agent\util\getsnmp.bat	DOS batch file, ASCII text, with CRLF line terminators	6F4682D7CBD94D4ED8C3C0E231D81D72	0356F17FD66BF21EB803FA270CF233446FDC8A16	11750145FB0E2FD110D05FE5595D288F491DE42C6165FED267C574C939CC5D4E
C:\Program Files\pandora_agent\util\grep.exe	PE32 executable (console) Intel 80386, for MS Windows	9E05A9C264C8A908A8E79450FCBFF047	363B2EE171DE15AEEA793BD7FDFFD68D0FEB8BA4	C2EF6FC419630D566154F8372E94859DF8141D02805BC7BCE39C726A1FFEF7C1
C:\Program Files\pandora_agent\util\grep_log.exe	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows	3080F13EBA13E255EF7ED6F6CB8F4D27	A7395C8D422DAEF44444F8EC29BF23D10E4407A7	10031FCBE30267958B39B30BCC52A213C90CBA5B8AB05AD0DD45F7E723CA0F9A
C:\Program Files\pandora_agent\util\head.exe	PE32 executable (console) Intel 80386, for MS Windows	9851E260F5F64D1E81C2489F660DCAD7	7F1D221C713DAEDE799DFE4933B0BE9DC2491BEA	FFA5E945163FFB23D26A5DDE041802219B03692E7AF409E621EF92D6692DFBAF
C:\Program Files\pandora_agent\util\ifaces.vbs	ASCII text, with CRLF line terminators	655BFB6E38CB81C29B18EC774C4C0616	AC0A41AAE4440C479C84E88B86CBC1B3C145D259	FD62EBF990F5A2B7863E9D7C3C16DBF8B75052C5F2DADBBF70DD3B9E9945F665
C:\Program Files\pandora_agent\util\logevent_log4x.vbs	ASCII text, with CRLF line terminators	61D156A376784D88A48556FF9D27C37B	186E8E8FEFDA6CEC0B57B83CD3F68661B7E2D48A	A54E68AE0025B9C8E2FFBAE7A148E8176A705AC7AF6F6E2A60523C24E3A1C57A
C:\Program Files\pandora_agent\util\ls.exe	PE32 executable (console) Intel 80386, for MS Windows	81B68D181440D59C0565986ABC141139	62818373DDDCCE027FF2B669AED585168AE2C79F	4C81921B72CA4C8C747EC65A6541289FB97436DF807FA080F9DEBE7502E7D89A
C:\Program Files\pandora_agent\util\md5.exe	PE32 executable (console) Intel 80386, for MS Windows	609F46A341FEDEAEEC18ABF9FB7C9647	1945FE2D0A0507F3F5C6EB47F089204ECDDA00B7	5B7F9A223AC5A8C768287FB9EE321364F8586EA392A3E4F75F48E3EDEB936E69
C:\Program Files\pandora_agent\util\mem_percent_used.vbs	ASCII text, with CRLF line terminators	8AFC5B6660004DC936BA584883D98CC6	DD7A7A4B5789504E90BA0C9C19CEA3C38328803D	DB7F12EBD2E77BEBBB1F5E6A15E8A2462F03CA8B46F2052913D9BE3C59F37995
C:\Program Files\pandora_agent\util\mibs\AGENTX-MIB.txt	ASCII text, with CRLF line terminators	701E67A710C4C197AA3FA68E1C64BB86	97647B3CBE31C4F5CF68F3F356FB4612DAEE3325	7C65E0EDC4A1161B37532ED226924597C369721D609AB0E1D82E00B590FDAEDC
C:\Program Files\pandora_agent\util\mibs\DISMAN-EVENT-MIB.txt	ASCII text, with CRLF line terminators	7F781DE0F1384AC070D767360379CC43	0EC4FA8AE58CDED0BDF81AF5208463F873A2C410	21AE5BB52D44DF8D65B2F490C425EFB769E3FFEF834958E67BE97AA76BB0F1A4
C:\Program Files\pandora_agent\util\mibs\DISMAN-EXPRESSION-MIB.txt	ASCII text, with CRLF line terminators	1E230B08587679EF126B95F1D239B7FE	24D63F64E29DD3CA9B1819BC890AAD6A077CBE82	557D7AB8F965D1D350AC79EFABD1B75CD9451C2FA4B6EA614F58B21F33511A35
C:\Program Files\pandora_agent\util\mibs\DISMAN-NSLOOKUP-MIB.txt	ASCII text, with CRLF line terminators	10C139518C9FE00E4C083D77E7BCA941	674F90E32187E8197F08CDF2AA9687B1F7CCA64A	BA30FBBEBD1E7EA8FE2A05800E0174482DAD53D6A3B141914A8940857C839C66
C:\Program Files\pandora_agent\util\mibs\DISMAN-PING-MIB.txt	ASCII text, with CRLF line terminators	97302071743D6D8633730E1DC161C6E3	C30D344F955B550DCA491844282D0AB29F7EFF1B	D7FCC68B363439D7E21103C55DB449C0D8499A9C08B268F2338BA93C4B2E0399
C:\Program Files\pandora_agent\util\mibs\DISMAN-SCHEDULE-MIB.txt	ASCII text, with CRLF line terminators	DD8851B4DD5A086187FCC5F3D7B1BCD6	7FA5A72A7A4C5A6BF5CDC72160E904832F72FF15	CC94588DA018D3213E631460CD2C4A04ACAFA356D18EFCBAD30B0B710AC0D3BD
C:\Program Files\pandora_agent\util\mibs\DISMAN-SCRIPT-MIB.txt	ASCII text, with CRLF line terminators	351D511DCC3222E19AA0FFE570FB4DA8	4BFD2A399D9C10C5E7BC50637B74DE0EDA825DBF	10FB329954F99DDEB032EBE2C339CE2995B2592AA14201F6EF1031504F650385
C:\Program Files\pandora_agent\util\mibs\DISMAN-TRACEROUTE-MIB.txt	ASCII text, with CRLF line terminators	E75DC0921B17C4CB40CB8B8178D2D447	20E5E669CD2397472F4D6BF3031447DEE854FB42	0864EF25E761688A28F415816F3B1DAAA57276E3F753E49632D7023B68600419
C:\Program Files\pandora_agent\util\mibs\EtherLike-MIB.txt	ASCII text, with CRLF line terminators	C9D9C3FA4B867B1AC499C2132CBC51E7	A1E54409338CEA447CDB0F594D2BD00B1C0CD70E	CC3AE91D315E1F26A130AE981A1E6B10F33B6DE77AAF688BF049E1122F4537B7
C:\Program Files\pandora_agent\util\mibs\HCNUM-TC.txt	ASCII text, with CRLF line terminators	93390923BF869A02334C6EF311262553	065BB2644BD23EF0CE378EC87F1485D048ED8A45	8ABCFEAB6C29C8A3B01594EA4811DD2C41D52556CC3BB041B11590D1F54B7A52
C:\Program Files\pandora_agent\util\mibs\HOST-RESOURCES-MIB.txt	ASCII text, with CRLF line terminators	9A157F456142BB85B39539F4E243E40A	C4D92EC96E7B654902A09093DCD9E860588F6D3A	6F3D02FB95A6CE06A10A897A85D28C78313287829C12B78F1377C01349272706
C:\Program Files\pandora_agent\util\mibs\HOST-RESOURCES-TYPES.txt	ASCII text, with CRLF line terminators	A2A4ED20EEDAD194BE225C5D5296B80F	245C83580B601C974DF58E1655CB69DD7762196C	6087F9B5A1F99B9DAC0994D6D8EC1390603C4685B28FFD0021B3171EA9B9168F
C:\Program Files\pandora_agent\util\mibs\IANA-ADDRESS-FAMILY-NUMBERS-MIB.txt	ASCII text, with CRLF line terminators	9D971306D39AC6D012ED9EE3D9848DAB	6C9759A4BDB7A1C0744CD5C7F72CC389691D49F9	F6C768E44E640937B4C6F25F51B5840CE7285D4A596C7C516ED7E4E9D8296B31
C:\Program Files\pandora_agent\util\mibs\IANA-LANGUAGE-MIB.txt	ASCII text, with CRLF line terminators	F3B7F541D4F34FA04C7CEC3281362A13	B1FD024359D5D4858E8409E33426560CE6214642	6172F243FB0A9DDB717D4141C2096482CB941780FE7F15C0E5960EF2D44B056D
C:\Program Files\pandora_agent\util\mibs\IANA-RTPROTO-MIB.txt	ASCII text, with CRLF line terminators	1BFEC851076C2557D07352624E479D34	A5BC44B235B0DF57D6DD5A81C418601ABEB58752	DD298131CF7EEFE793C0F8C68D89CD1A57F75AFC6B2BF19C495C97CC72AAD1DA
C:\Program Files\pandora_agent\util\mibs\IANAifType-MIB.txt	ASCII text, with CRLF line terminators	33BC1D0806FB9DDFF648B385E708D717	28CEA49B98780F4FC54B7DCA3B632C6711817308	AF07BBA3163A17F92636237F7AC049D897BE4DC8BD2A5FB83DE42C990E98ACC7
C:\Program Files\pandora_agent\util\mibs\IF-INVERTED-STACK-MIB.txt	ASCII text, with CRLF line terminators	BCCDEECC99EB61D158428304FC1FA7D4	B392E70263410598BD4F349DAF7D99CC57911EA6	3466F1307C322BF3DE289A99738B74E0CFEA136E1CA309C2C8EAB56D39985AD5
C:\Program Files\pandora_agent\util\mibs\IF-MIB.txt	ASCII text, with CRLF line terminators	EF53E4BFB4D4E1840840DA4409582D14	E0509B730173F2D6DE11BB5EC11AFBE2FA378B2B	EBACA56D0146FD8246A202C68B96F36A10688B77B74B70F268A927D118BD366A
C:\Program Files\pandora_agent\util\mibs\INET-ADDRESS-MIB.txt	ASCII text, with CRLF line terminators	D014C7A1E43EA5E4D553344F3B72C2E3	C8027555ED4208B30B038FC05578CCE08FDFE98E	8FCE1BD9FA27EF77CE579A8D22E936718FBE43C99C61366D40BB911B205797B6
C:\Program Files\pandora_agent\util\mibs\IP-FORWARD-MIB.txt	ASCII text, with CRLF line terminators	4D342DE9269A901742DD1C237235E833	2F5D557A5A988579448485D833263208E947777C	163B5CE2719DBEB81BEF6C9B9BBB2E4BD6C5B1AA74067C3E466D145D40E8740E
C:\Program Files\pandora_agent\util\mibs\IP-MIB.txt	ASCII text, with CRLF line terminators	8C6E3432608841E162ACBEA05C85F5F7	DB9B3A722405B6731949468BC0BBAD8AB414F0E8	827985E73003D4F7C998D69DF2D89E1F159F7CEB4AE27516A8CF055B36452E27
C:\Program Files\pandora_agent\util\mibs\IPV6-ICMP-MIB.txt	ASCII text, with CRLF line terminators	E0F41D34F7ECEECD8C71C667B257AE17	15914F5D069EEF495DED0BE22154531860DE46A5	B3DF8FF785B4B7F152C1CDBA0BCC104F6D9AE55E17399CF9C64012AA0A34084B
C:\Program Files\pandora_agent\util\mibs\IPV6-MIB.txt	ASCII text, with CRLF line terminators	904A6564FC3492959849D10F8D01A3DF	81C4CB713A66739C6A9BC3C5D29F05C90D4D31E4	3A941806B960EC1FFA55617A875902B2CAF985AEAD137B3E7A301335344BE586
C:\Program Files\pandora_agent\util\mibs\IPV6-TC.txt	ASCII text, with CRLF line terminators	72EA269DC6762733C0A0B9E359516446	EE2983BE6C50143CACAC94FE3CEF8113B298CCE5	86011652171E2B1851B8560B4265C34F700A7E9B63D37CA399EBA15C9A1A7D58
C:\Program Files\pandora_agent\util\mibs\IPV6-TCP-MIB.txt	ASCII text, with CRLF line terminators	27C2064EA68B92028CB7C150E519B020	9B6AF4777611250BF06D48AD040C2CBDC543A0BC	8B87EA192A6262B677A7334A8FDC16FA7E7D17669C45D778D9C61B34FF22F6D4
C:\Program Files\pandora_agent\util\mibs\IPV6-UDP-MIB.txt	ASCII text, with CRLF line terminators	8CC9E98F089ECA1B6EB4B72556C96DA7	751201E62204E1F371CB919D34A8C1A61FCE6A23	E19F75DA5915A7B10CE8E0CC18E9997F37E49A95C81D27C40092A73F43B0552D
C:\Program Files\pandora_agent\util\mibs\LM-SENSORS-MIB.txt	ASCII text, with CRLF line terminators	1058BB123A09433AC488D924BC9BFCDF	D61AD1ABAB12D8CF03A191CD07A334173B88D72C	C9929C407B0D168B88C63F9439FF4D60EBEF777F524F38186ECB08031D496DF6
C:\Program Files\pandora_agent\util\mibs\MTA-MIB.txt	ASCII text, with CRLF line terminators	214774D0A14FEE3F2F0EAA060B0865CF	B85726EBB501D6814E5040FE761E8EC9B60C9F16	B6270D6E0591D57E59BD9A8AA33F60941CCD1A8B4C6591A5D597284C50C7F656
C:\Program Files\pandora_agent\util\mibs\Makefile.in	makefile script, ASCII text, with CRLF line terminators	D07395EA3D0DAFB840CFF796D6FEC340	39BB8C1DB9D277EF9D1C095B7F301053600CE8EA	BDB8AE6214EEA299D84F96FDD3010CC029BCEFA88E507FCF0130A52F9438F5A3
C:\Program Files\pandora_agent\util\mibs\Makefile.mib	makefile script, ASCII text, with CRLF line terminators	22470257D315E2D2C3F4C63C99D35806	0B2E87ADE0F3121985E5ACA41F9AF4AE05E6B540	C8DDAAA22DBCADFFEC578FC1C9FE2EE440B82DBF8D59773497C42FAFB4A9DFEA
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-AGENT-MIB.txt	ASCII text, with CRLF line terminators	E137D8C80CCA494FAD2CB2D427DAC533	9A2A6500AE1C4EC774F15D83D9581945EAC00BD2	4E4101A45CB3E24A900429D10D9E8E3F4487C5985DD230C858F4FDA2D633B49D
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-EXAMPLES-MIB.txt	ASCII text, with CRLF line terminators	5E69A7F345317D31EA04A277FBEFA59B	AC3425E059EAACFD33B6EB3A59770E3479472C73	5424F9D36D1337A06C1928A6E873C71F389D0EB983026A00C47CDE629C3A3A90
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-EXTEND-MIB.txt	ASCII text, with CRLF line terminators	B2514ABC5F09F9881DA56C6E9F05DEFF	7013532EF84E0C169BD6A1E668CB24ADCFCAF7CE	319D812877D11166AE18EBC0D84234214BB072863EA629A529B5B8676058FF5F
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-MIB.txt	ASCII text, with CRLF line terminators	222876F2F94EFB4D20B999F18B0D4003	A794DDA8E5C1815914D94AFF64030E389A001B32	4F62DD4775E1654F2337BEB145D0680CB12E11131649AFD490092C8728761E78
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-MONITOR-MIB.txt	ASCII text, with CRLF line terminators	99915F9603ACD040D0514346CA4AB91A	B3F142CD6B5ABD38B3043E400884E33C600DBEEF	98346A109BBFD3AB2F5D505E62BDE271F3C84C779E9F2845CE4CD292F82CFA87
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-SYSTEM-MIB.txt	ASCII text, with CRLF line terminators	BF0CF220E8C982AA58DE0A71DE2279E8	16C4C0408FDF2C94012D5B988CFB347202B9E4F6	D8F0630D7B859901BF48179BEFAF80EC37B0C1940B259ECC08461AE37BF2C8E2
C:\Program Files\pandora_agent\util\mibs\NET-SNMP-TC.txt	ASCII text, with CRLF line terminators	DADDB933CFDEAADA581E6F3AA130F14E	B3B809BE6214ACD36D6A323982FF9FA311B766A8	F9ED09E0E72CD8E174601866F3F0C614959EABDB7CDE35273A513CDD94D1788E
C:\Program Files\pandora_agent\util\mibs\NETWORK-SERVICES-MIB.txt	ASCII text, with CRLF line terminators	6E91D98D348132A8BE01AE5D6E272B2C	DAFC30756CAD2CBBB969379D9752040954CDBE3F	9AF972265BEC90D5402D6489A969B08F72FBCFA2DB1B76722B4FDF08D36EED99
C:\Program Files\pandora_agent\util\mibs\NOTIFICATION-LOG-MIB.txt	ASCII text, with CRLF line terminators	D01122F476E946F4D54E4632A0DF0B77	69D663E17C71F5D5AE8F8763F792B2228E2D9705	D8E34A4C400B10BF250D5015F7480C59F9086589A154F63CF74A8850D126E978
C:\Program Files\pandora_agent\util\mibs\README.mibs	ASCII text, with CRLF line terminators	93C9ECDB3366FDEBFB87C7ECC4342CF1	CCD952FEFE7DA5A4B6E9344E3A69ECF7BC863435	BC2C82A6CCE8A866DB9F9C29206C1D439A91F70AB594BB48DF32A3A3DC311A4A
C:\Program Files\pandora_agent\util\mibs\RFC-1215.txt	ASCII text, with CRLF line terminators	725DE387B4E39A6F7294F691E0BA5F86	4045801262A657A4138465529DE01EA1F0598C30	F900B6FC0FCE8C9ED85081C3620997CCF8FF74D86598A8E2EE346F8CB90FF4F6
C:\Program Files\pandora_agent\util\mibs\RFC1155-SMI.txt	ASCII text, with CRLF line terminators	ED912CF00F9731C866B74473C8FBFEF4	F28BC8753FDB0699884F97916D54592982AEC49B	BAC4961D44BDA723D5307D491D61AF714D08C78A686A0ED7091EF862B9670677
C:\Program Files\pandora_agent\util\mibs\RFC1213-MIB.txt	ASCII text, with CRLF line terminators	679E11BCE447A4FF4F554790038DF315	CFC5D8EA851E8D73D94F8588D0A8F2259300D5D3	25817FC8C4A21C5AB56DF8CEAFC79761D41C3F770464C853A6EBE16EA8990B87
C:\Program Files\pandora_agent\util\mibs\RMON-MIB.txt	ASCII text, with CRLF line terminators	73BF37EDD18290C8D8E2FED79C97892E	BE8DBC0CEC2D7C186F684726A65783FD5E18B4A9	0B6055CD97547623D5EAA521FD94173CCE3B0E0F93987B8DEF727EFA4FBEC580
C:\Program Files\pandora_agent\util\mibs\SMUX-MIB.txt	ASCII text, with CRLF line terminators	543F1B75CBCB483907ADC7D4FA56C2F2	E20BEA1739A979287F80CD9ADDB2F3E22039A88C	371C965D38543B48008D9D3D8720EF93C6B06E66FE28CC0C0CE243BCDC31089C
C:\Program Files\pandora_agent\util\mibs\SNMP-COMMUNITY-MIB.txt	ASCII text, with CRLF line terminators	AECAAA7181E17F9B203157842BA8A936	FC1193D5B2A25A6600927EC31D31B4C394702B77	5938BDA85EA908082117A9B211FC233B8601BDD65CAE91327FB7DCAFEF19F1DE
C:\Program Files\pandora_agent\util\mibs\SNMP-FRAMEWORK-MIB.txt	ASCII text, with CRLF line terminators	B8DAFEF8DDC384E8CB759F2BE9AC7A6E	449DDF2B634FB564C0F7134C7F3F8E687B105BB0	789DAF7E977A98E1783C24DA18F84619277F136A5B48A2674CC384023ADF1FDA
C:\Program Files\pandora_agent\util\mibs\SNMP-MPD-MIB.txt	ASCII text, with CRLF line terminators	3DA9E97A77EFD724537902B3CB5C5E20	D92C1EE613622B5E29E46E0682B530A828E234B4	2740E273E158221082C39F1BF6B9279762CD45D0FEC5DB42F02C0856ADC0BDA9
C:\Program Files\pandora_agent\util\mibs\SNMP-NOTIFICATION-MIB.txt	ASCII text, with CRLF line terminators	517238BD0341827EFB4E7E3ED9FC83EF	A365D904CB7E9327FD38740822466B67DD1F277F	6D3DDC70A544685ADA041B875C795DF2514AD0FBE833FCE94D6E450C9DBDBA6E
C:\Program Files\pandora_agent\util\mibs\SNMP-PROXY-MIB.txt	ASCII text, with CRLF line terminators	6F09A6427041D09307F9DEFB682EABEC	01E643941525CF80B4AA24928FA3A6AE33D02602	DCA5F7EEC540DF1A6F9F09D40DDD16F10B1411A6C6935A7B9404963F16DE52F1
C:\Program Files\pandora_agent\util\mibs\SNMP-TARGET-MIB.txt	ASCII text, with CRLF line terminators	67EC17553A539DEBD54B532E5C03227C	80C065AFEC94A1ABFCCFDCF066D7D3632AC59FDA	205CA244735D9EB927C1231515AD8447A91F43AFC6918349F50176284AF13C48
C:\Program Files\pandora_agent\util\mibs\SNMP-USER-BASED-SM-MIB.txt	ASCII text, with CRLF line terminators	6CF361FA1B4C8E2406C30AD42BBA9833	94EED38C64E25EB864955EE4D23582CB565CD12F	EE6837C845C8D60D92CD0543E30BC012F2BA82A2DA5ABCAA7B6812C2FABAEE8D
C:\Program Files\pandora_agent\util\mibs\SNMP-USM-AES-MIB.txt	ASCII text, with CRLF line terminators	1F032E2031F631B9252E578E2588A20F	00F07B16314E6D9E88EDDFAEA7CECD0F2A9351DD	BED1767309D094C9F4644467BE3FA6309D59A082BDAAEB5EEEEEFF3B05527A5D
C:\Program Files\pandora_agent\util\mibs\SNMP-USM-DH-OBJECTS-MIB.txt	ASCII text, with CRLF line terminators	C25578F4CFB480B1901C923183839F44	FFFF931DA4464404467B4EE861236CEF1ABCC9A1	1AC7924954F8BBAA4B3E4B8163A4365D2885991F9AA4D13A34603B33C07E5747
C:\Program Files\pandora_agent\util\mibs\SNMP-VIEW-BASED-ACM-MIB.txt	ASCII text, with CRLF line terminators	ADC8C65A8076B81C061934F1322480F8	5F29A2458010126EE48E65FCE297A7B458A18836	86A73263497996532E68AF4DF60C8D5EFE9A36F480E7A21140596D5287963FEF
C:\Program Files\pandora_agent\util\mibs\SNMPv2-CONF.txt	ASCII text, with CRLF line terminators	0B06190D90E169FB58292B383E85C30D	51DA77AB35FC7C2BA5FE023C4D16F1A6486E4611	57BBCEF54A74D2EA467FC821E30F4769081504DCE157DEC1D8A41BE771D65983
C:\Program Files\pandora_agent\util\mibs\SNMPv2-MIB.txt	ASCII text, with CRLF line terminators	F1382CD3AE375D57C0DA4FACD4A772A6	C991931B91C11C369600BA6D9EFA78526C6B1011	07F239D8858E31165E22CFC29E9FB0A9919A642DC22ED0117EC19731A703FF1B
C:\Program Files\pandora_agent\util\mibs\SNMPv2-SMI.txt	ASCII text, with CRLF line terminators	503EB55D4ED1352C69EE32699426DFF5	05B917507E1C359174B1D31DABED785E31F39593	97816AEE70C1CD365F7487560F7D3925969F9A28B60CDAA4EFC1376FDBE2D38A
C:\Program Files\pandora_agent\util\mibs\SNMPv2-TC.txt	ASCII text, with CRLF line terminators	E02F8727805D92729F93DE2BFFCE917F	AD905E7F1C2F9515535E7B47917F6E71BF093029	42A0DB2CB7E93DDF766B669E4CF1BEBF0F22BC1F18AF4DC2DB50FD57270E532C
C:\Program Files\pandora_agent\util\mibs\SNMPv2-TM.txt	ASCII text, with CRLF line terminators	BDB9510C0C05FBBB78D63C061680FDC7	4FD12E058AD63F41B4E178F22F9DD377BE4B982C	1801ED28D368ADFF9CB8EF25683F6D03CA9B30378E0AB30A515D7CCA284D3C17
C:\Program Files\pandora_agent\util\mibs\TCP-MIB.txt	ASCII text, with CRLF line terminators	F148B1B4FF2B1335D2CCFFC39B667707	1510E7F2323D7449D5FD029137377F30D680C49D	19DDD9268F0297FC3BD35E124CFF6E0D38992752ED4072959150A82D8FC18D5A
C:\Program Files\pandora_agent\util\mibs\TRANSPORT-ADDRESS-MIB.txt	ASCII text, with CRLF line terminators	7AB5E0346708DF798FB715C0AB979943	CEE303134DE3CB04F2236000D923544244661BA6	597EA5CDD5DF800509918D1A1A179A40297452DACD04544322343291546EE3F7
C:\Program Files\pandora_agent\util\mibs\TUNNEL-MIB.txt	ASCII text, with CRLF line terminators	22A19F0F869F76F8A8B2F853FF5A41CE	F4B317A24EDD069734E31837489E16520040E202	0173F565D3EEBCFFCBAF1202023F3F846FCE437F0C2870406974AC07A0838DD3
C:\Program Files\pandora_agent\util\mibs\UCD-DEMO-MIB.inc	ASCII text, with CRLF line terminators	F83DFF25C6426621EDB005A1EF9A531C	0B49A19B1B8ADEFF5AFE44F4461C7DF38FB36E42	6B664F546C88F0709C8CB725D9EE047AD31B9B0C4AB3C31772E6CFA7592E5392
C:\Program Files\pandora_agent\util\mibs\UCD-DEMO-MIB.txt	ASCII text, with CRLF line terminators	ED40E14BCCAC62CE7FACC141577B66E7	2D6A8942C6F408033C659045DCCB867C6A4D2721	C3E2207331F525E1284B5D2ABD2942573BBC181436B887D9EF651E9E795062B2
C:\Program Files\pandora_agent\util\mibs\UCD-DISKIO-MIB.inc	ASCII text, with CRLF line terminators	2E33C0AEB8385BB88AF235DA6117A9E5	400928DCD581D66DF470BD587BB3285DBB52F4DE	51A6A532FEBE61DB61200BAB7435764E67DF8330B1CC702FC00D85E065962CCB
C:\Program Files\pandora_agent\util\mibs\UCD-DISKIO-MIB.txt	ASCII text, with CRLF line terminators	58A92AB5DE120F4ADDC3765F8110F948	D60C50767AF9788918252E1819A856696E31A533	76EDD511187B0527849EB9E20C8B0BA9F2B09AA8533DAE80F425E981CCC8494E
C:\Program Files\pandora_agent\util\mibs\UCD-DLMOD-MIB.inc	ASCII text, with CRLF line terminators	5C0560D275354E7E4BC83568D4DE9BFA	217503D90ED1064A321F948DCD01C76913EF895E	CFC05E54DA3353D230F6D9D11477A82EFC7DD286294CC5FB255FACD34FF00B9F
C:\Program Files\pandora_agent\util\mibs\UCD-DLMOD-MIB.txt	ASCII text, with CRLF line terminators	39E5C398E690F410D461C8FE752C6D46	F04C0682E4AEBEA4C89358FAC4E4E8C53BE778F1	EDDCA15A163DDC9DA5322E808428BDCAC02B2F5F7C1D9E3F3A508E1F9D80B7BD
C:\Program Files\pandora_agent\util\mibs\UCD-IPFILTER-MIB.inc	ASCII text, with CRLF line terminators	079E3BD6992A972DAC27DFB9465E7BE6	8B0C37120DAE3E3045B40E9E463D021CF6BD6922	7CD6A7270169959D314F6E2F02DA9344A88782041ED54F4120E3D4598CAC229D
C:\Program Files\pandora_agent\util\mibs\UCD-IPFILTER-MIB.txt	ASCII text, with CRLF line terminators	B50A57B79159DB1DB84681B08BDBED1B	B5E89BD3600C55DFEFE48D39D86FA984B46322E3	29E75F4059055674212FD2BEB8C3CB2B462D92611DC92F5C1AC7D83B133ECFBF
C:\Program Files\pandora_agent\util\mibs\UCD-IPFWACC-MIB.inc	ASCII text, with CRLF line terminators	C16A7DF90ECF0CE222F4936E7630CB2F	DDBBCDF5E3037FCF8E7940D4E99A9D80FAB470FC	E83612284E8B7A4E88D169AC06989DB5550F008340762B9C284E9C87829E090F
C:\Program Files\pandora_agent\util\mibs\UCD-IPFWACC-MIB.txt	ASCII text, with CRLF line terminators	46CD01277A905E60E42B29500BBD8D1A	ABEF44BE673C8DA9A6EBE2C9723FF95F3952A8A4	345B50E98B00DE6A6994526F33CB33FFF3F7A9357984CD0E9BBF1C9496FEA72E
C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB-OLD.txt	ASCII text, with CRLF line terminators	15D29165FBCDFD164BCC0D70CD516BB7	87BAD15CCBC91758A101B3FAEBD521BA4F405683	ED0C5755A844421479058D51E1C4FC504FECD181229CE5C5AB24E1DED00F0C25
C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB.inc	ASCII text, with CRLF line terminators	3D9811A1E39EF81F3AD5AC48F4EDC6BA	F2172CFE20B2350F6941603DEF4E0C313C05F0CC	0DB7F19C20D065B544C47E57E4ACF825072141E2BA1CE29455BDAB158949327A
C:\Program Files\pandora_agent\util\mibs\UCD-SNMP-MIB.txt	ASCII text, with CRLF line terminators	5D55496EF525DFDC3779E1D8F715FD88	BB98847EA02A34C48CD493FB03AD8F900516D08A	AF5607DE2825C321B129D46DCAFA34F44ECB82023AF27518E3F9FE2C37A6EE73
C:\Program Files\pandora_agent\util\mibs\UDP-MIB.txt	ASCII text, with CRLF line terminators	20D651515B215C85D0A23DAE092522D4	95B7DCAF64B21D12D1129A80A252A487A2BCADA9	F1EEAA7B03F38F8C95DD1F6B23B3D04F71BE4C35E358E7629F3CFB36E9C989BB
C:\Program Files\pandora_agent\util\mibs\ianalist	ASCII text, with CRLF line terminators	43C2586B2291D0DA2E2E1E0CBEF97B7B	E7E5156732A86D2E36C2204A5C7F7F9431F74AE5	23C44B98019A0AFA8E98B195A945589859AD902537BCD769604C16017302E567
C:\Program Files\pandora_agent\util\mibs\makehtml.pl	Perl script text executable	7626B7342F997805C495B4E1454726FE	4B1C3B6BE1D11EEC37FFC667A3870B3CD80F62AB	4EC4559837B1D7DBA4A14A68C64EFCF41D92B6FC97126F2919ECCE6EC59FC871
C:\Program Files\pandora_agent\util\mibs\mibfetch	POSIX shell script, ASCII text executable, with CRLF line terminators	26300E108349EBD2A84C05D2C0262EA0	2FACC16D12F73217437F1B7F0ECB2D3B0547050E	2994EA0EF22595DCB2113E33A0DB2CEFFA631DEE7DA50F0D4B68563E64E7F98B
C:\Program Files\pandora_agent\util\mibs\nodemap	ASCII text, with CRLF line terminators	6E3A9614C90E3672F0313314820ED249	AC2B7320648AE4E113490A4DEBBFA564DCD92F87	135B5DE9CA9F58C6F77B1011D2D196C8A52A0DE6D1225117C147466B8EBCD450
C:\Program Files\pandora_agent\util\mibs\rfclist	ASCII text, with CRLF line terminators	1F473B8772D452808E6660424889D068	1A532B9AD14343DA2A027D8461CBC44ECEED60B4	0A080BACBD45031FCCD0957EB3AE82F5CC8FCD7619341746FB193551DEFCA35C
C:\Program Files\pandora_agent\util\mibs\rfcmibs.diff	unified diff output, ASCII text, with CRLF line terminators	7237A2000168D729A0B46FBB386617A4	89959AE75DB6B5BF264A420FB6EF23B67D680DDF	D95F55C9CEC3A341211C5FC6743921F465021C6DA95080A22123AD53399DB427
C:\Program Files\pandora_agent\util\mibs\smistrip	POSIX shell script, ASCII text executable, with CRLF line terminators	BF4EC212880DBC98D95C1FC57620E311	67309EBDDCB2C79FE0209B37A3A34C5E9603D01F	FA1903625F62FAF92FFF921BF391D708352DD77F36DF19A62EE8C422C2A7995E
C:\Program Files\pandora_agent\util\moboinfo.vbs	ASCII text, with CRLF line terminators	C71F98F344B76D8C1BE38B795329545D	5847C338E8C92EABC3D235D7A4C86C36E3A38643	42458D745C46368C2A41EB617C53D81ACD7A61D9887C8238594CA9478156761D
C:\Program Files\pandora_agent\util\monitors.vbs	ASCII text, with CRLF line terminators	2F50C78B60B3167EF34B6DCDDB758101	2BB9F115E22BA4E39FE1A977985909736150EE20	0660172F85545EBF41DFFBEAD210401074208CA0939B1B40982212F8F7120EC2
C:\Program Files\pandora_agent\util\network.vbs	ASCII text	C68D28346571D388FD7DC1A1C8FB882E	388E24191C799CF2630CE8FD6FB013E3EA264571	D935B74E8E1F3D44C7268916CD70866C46516129ED5B048CC49B8521DA431574
C:\Program Files\pandora_agent\util\omnishell_client.exe	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows	891092A6F1C5FD063EF82A9FD33A3A38	6BA3F4856D1688889316FB6E708A74DE9679CB28	AD4D006CF2662A57F2E062B5ADBFE8702D2147EC4C4D3DC9A1019938FE7D5B22
C:\Program Files\pandora_agent\util\osversion.vbs	ASCII text, with CRLF line terminators	37D0905BF8B7250E92254BC5FF1A2461	710D94B929C2E3994CBDBA914B33E4D33F4F8B02	D8371011F50EAF1FF0EF0D60E70B812971858E9FC7B64D6ACA8DAD073862309D
C:\Program Files\pandora_agent\util\pandora_agent_exec.exe	PE32 executable (console) Intel 80386, for MS Windows	C586E2E13D4AB81AA11B9438E4E0012D	BA0912109EB64821CBB73D0C128D75C80992BA21	B5C954A39865A1DF484C752AD0B050F3B160EC35CA39DB390F8D05E0645D8C80
C:\Program Files\pandora_agent\util\pandora_hardening.exe	PE32 executable (console) Intel 80386, for MS Windows	CF9BDCE023A2CAE6E819B3430E589F14	8E8E542BC5D2482247BB5F17806B3AD9BAA1D174	520619D823DD5396CC90DE59E745D9AB3872D25D85358C9ABB4890987B5F5426
C:\Program Files\pandora_agent\util\pandora_revent.exe	PE32 executable (console) Intel 80386, for MS Windows	AFD42E3F57F210E0DF11CF42F21C9399	156C75B179814FB66A0EC6B05574BB7D287DC0C9	1C26EEF4BE3D59C81EE6A89D3E4A44BC665610AD1ADD34A203BC29DA8D653E69
C:\Program Files\pandora_agent\util\pandora_security_win.conf	Unicode text, UTF-8 text	6439F7133C16D39683E7FF7B8B62A05B	0350EB60B58BB4FF0E0027FBA77CCD089DE7C556	F298F6C812CEE5203B34D3E39066C41DDF6B59C0B034890DFDA33AF373942392
C:\Program Files\pandora_agent\util\pandora_security_win.exe	PE32 executable (console) Intel 80386, for MS Windows	0CDB81A93D8ACC37CAC5AB989B167A0D	1E700C9CE281F1550B1DFB42E1256D678FEC53A4	293DC77D39C303793A73BF83A2698C5886331F24B8ABED4A40566474A64E3F60
C:\Program Files\pandora_agent\util\pandora_update.exe	PE32 executable (console) Intel 80386, for MS Windows	054DE53F006DF040515328FDC3F201A7	FAC30CB84C35EAADA82E73D191EE6E1F65EE6C2F	815117B7FA89060961E5132BD73CF94AEF47D1F704AEF7A8E6E9DDFBCB193A5D
C:\Program Files\pandora_agent\util\printers.vbs	ASCII text, with CRLF line terminators	5C5CDEA9EC4B247B200E81DFC6880AEB	FF22F48C0B5F9CB043F8746C99DFA96A8B01A6ED	505273AE2F86FB7664D0A9049480FAB6038CDBF6E1D09991A10B2C9B9C77AF21
C:\Program Files\pandora_agent\util\productID.vbs	ASCII text, with CRLF line terminators	EE8E29D3C6B6F277700456C5F4100642	0225D4D2F6DF3DD45610FD0642D73E5A7FACE08B	48A41B238A5BA8C6362C7654827F002661259BF59072530100DB504FE89988FF
C:\Program Files\pandora_agent\util\productkey.vbs	ASCII text, with CRLF line terminators	B352E6BA27360CF6D009F359EB285C70	44119310DEC61ED0BA61985A076E1908F755D8E9	A2854D50425B8DBBA4E52CB4CA5BED9A00B2B1D375CF576FF1E80944FDFE9202
C:\Program Files\pandora_agent\util\ps.vbs	ASCII text, with CRLF, LF line terminators	8F7FDD867C6A1931489974DCB976E9F7	3B8B46F3D90C3B6C454110909D091BAF1CFD075D	741084C53D981710EECFC53328652EA8F8FC3F77C5F1D06A520271206746A7B3
C:\Program Files\pandora_agent\util\puttygen.exe	PE32 executable (GUI) Intel 80386, for MS Windows	76E59B0D2321C46056D49BF7DD97F701	0BAF1A8642930475986DD758F37FC39FE5F162CC	20EFF99E60F94644BFBC6AA2DD4E1B76B1B3B70442FF0BEC442C4D7FB2D697FF
C:\Program Files\pandora_agent\util\raminfo.vbs	ASCII text, with CRLF line terminators	D5AB421119A9A389CCB4D691B7B04EF4	4B2BB2E4F0BF4FFB03120D85AC473156F5C4724C	E8D557349D3129FF16D932AB8F6D1B21832C42760859520EF81AA9393CDD65F7
C:\Program Files\pandora_agent\util\route_parser.exe	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows	36C8D65325EA3282F2860FF2B24E6469	5EA92004B2816FC9DD9212DF995AD4089FB05A0D	13AF3EE5D0C31D794F82D8AD53B29A8239F157C4F60F5C278B5CA977C81B0314
C:\Program Files\pandora_agent\util\snmpget.exe	PE32 executable (console) Intel 80386, for MS Windows	46808595676EA16489DC759B9682AC07	5822D3220E636073525D844B73C31CF2676019E3	3278EA0EA4CFA74732073A83D0BF87328F23F0267DB2627307B5235C77157ED1
C:\Program Files\pandora_agent\util\software_installed.vbs	Ruby script, ASCII text, with CRLF line terminators	4EB48C8F77A2A0A6B4EB76C323B652B1	71CD568E7B0CAC09E2C75089F18214524A0FA506	80AE8C679ABFEF3AF24ADE0DAB86FFCA0D6450042A5E6E651AE6CFF74F36A828
C:\Program Files\pandora_agent\util\sort.exe	PE32 executable (console) Intel 80386, for MS Windows	81E47BCA760F328966888D6A600CC557	0BE37750001A4C608C90E19BFA5383CB7DA11DD6	F821393D4226EFFA4ED508E9D0B5C9C3D601F493817B8BBA3871E2EA5D18D0E6
C:\Program Files\pandora_agent\util\tail.exe	PE32 executable (console) Intel 80386, for MS Windows	7460B4BAB940E2234A3A278BB0D8435B	41FBCF756522E86941E34D6E819502CE727EBDEE	CA301CDE5B700EF7160CDF1F3ACC6710DA59958B8613DBE0ABD2FD8120DFC0ED
C:\Program Files\pandora_agent\util\tentacle_client.exe	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows	C48D41A6BF6A9131AE71CE8EFB2E38D4	31C3F2BA100A15A35E9518767A99A8327D5A9BD3	384EEF00B549C8900E5597832E378167C8E04683E7D6B47B6081CAFB8B3B0F9E
C:\Program Files\pandora_agent\util\tentacle_server.exe	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows	FF5A98ABCB286C73CAA6C7F16511CF85	42FF6A0B43B67CE3809BD584F7F381AA377F07C6	654DA30AE33580EAEA8F0E6A254C6D88D027E59C5DD4A077DD2E85FC0B6DABAD
C:\Program Files\pandora_agent\util\tr.exe	PE32 executable (console) Intel 80386, for MS Windows	4D3417B47936BBDD31D7278B7397778F	CBAB359993C37D9F02CD444BF4F072DD574F186A	6CE74B29611094549D0B939A728062F2252BAC1286BE742494492E4FFF8F0A9B
C:\Program Files\pandora_agent\util\unzip.exe	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows	FECF803F7D84D4CFA81277298574D6E6	0FD9A61BF9A361F87661DE295E70A9C6795FE6A1	81046F943D26501561612A629D8BE95AF254BC161011BA8A62D25C34C16D6D2A
C:\Program Files\pandora_agent\util\userslogged.vbs	ASCII text, with CRLF line terminators	4ABDE505716333DE1F5A041ACCAEA239	AD5B8D09704E5236301A59F7A5951A8D86B14DC0	2E5712DFB212392C3C3C5D36EF04180B24D3E8674A0974F7ABA55DA410E4E9E0
C:\Program Files\pandora_agent\util\videocardinfo.vbs	ASCII text, with CRLF line terminators	AF7DDEA4DA813ACD636BD673742A1326	95EB5524FDBC8F16A62519B81F1370C7A006E271	395865447A4A31CCDF7E9FD8889B795C22C081481BF9C3D68507CFD6CC5DF3A4
C:\Program Files\pandora_agent\util\wc.exe	PE32 executable (console) Intel 80386, for MS Windows	D4F05A27C3C2BFC97792B47158097ADD	016D8B597B72CB5146775B99690CC7E32552BE4B	9822EF1FF90DE685FC78D0061B27F9F15676BCAB9D6C21383DC027FA5066FD8B
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Edit Config File.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Mon Oct 28 09:39:08 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Mon Oct 28 09:39:08 2024, length=63, window=hide	F5CAC22BDF1419F1A502C8EA38B4E478	0B4F177CCA4B6B3ACDC5603A66BCE9258502710A	BB4EAE5E280AA661164FFBD4DC6C4ADFDA950845E3A641212CB4D68130810AE3
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_start.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Aug 14 08:14:00 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Wed Aug 14 08:14:00 2024, length=26, window=hide	B3ECE252D7C10448E1DA4F47549D00E4	086D82B29EF36BA1BDE60C0AD5348A7FD9B41A8F	42D98E498B68DF48C1B2FCD3ED3D3671B1905620E5237AA11B8242667F672401
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\PandoraFMS_Agent_stop.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Wed Aug 14 08:14:00 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Wed Aug 14 08:14:00 2024, length=25, window=hide	2067AFAB54B4003110F56FC78DEADA11	7F9DE5EC9283C312E23C4A87F92215851367845F	27C8D7CE72141CE0AFBD7DAC4F2B8DEBD9885F597AEEBB313BBC83ACCB7FF02D
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\README.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Aug 14 08:14:00 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Wed Aug 14 08:14:00 2024, length=15956, window=hide	C674E833A4A179D44F39CCB6383E2D12	8C756A0FFEBE823B07106CA719E935A7C2A397F4	E89274BAE1075DF3C8F93EB5A5C2486119AE32512B3BD145CA5D9E7809C89961
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Uninstall.lnk	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide	9A5D51F41E4F2A40186C7D506416BE11	E0300E04E410536DD9220AF94D2D106BFD4E03F7	82BFA995CA3EF53ABA6AC1BF614AE77C9034B69D11096CA38F11F82F9A0CC939
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PandoraFMS_Agent_v7.0NG.777.1\Website.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Mon Oct 28 09:39:13 2024, mtime=Mon Oct 28 09:39:13 2024, atime=Mon Oct 28 09:39:13 2024, length=51, window=hide	288D2403307459137F1DA7473C6E3044	C57791D76791421D9B916D07BAE9BB9B602830BA	A962D8F54396A6045ADC5B2A0A991EB37807BBF885DE2386F34553FDE03125C9
C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\LangDLL.dll	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows	5BF7D04824AC42BAD8263E5CEDA265C5	7B714893EB1FE451F6E8AF310ECFAC8447610C40	DFCFC47116FA2A8EB598D89DDC3E2BF4FAC44D62E670FE615425E7300F43F860
C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\System.dll	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows	8643641707FF1E4A3E1DFDA207B2DB72	F6D766CAA9CAFA533A04DD00E34741D276325E13	D1B94797529C414B9D058C17DBD10C989EEF59B1FA14EEA7F61790D7CFA7FD25
C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\modern-wizard.bmp	PC bitmap, Windows 3.x format, 164 x 314 x 24, image size 154488, resolution 4724 x 4724 px/m, cbSize 154542, bits offset 54	4F22F89EA4727F2BBD5A6F4332A73AF4	69899A43FAC387323A4E5C6E70875D9ECCAE11C5	2442B4828CE145B60FDDB66E13C422561E8AD37C417C8FE2488AE3C48D59B246
C:\Users\user\AppData\Local\Temp\nsiBE5B.tmp\nsDialogs.dll	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows	79A0BDE19E949A8D90DF271CA6E79CD2	946AD18A59C57A11356DD9841BEC29903247BB98	8353F495064AAF30B32B02F5D935C21F86758F5A99D8EE5E8BF8077B907FAD90
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Aug 14 08:14:00 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Wed Aug 14 08:14:00 2024, length=15956, window=hide	AC98BB6C7FB33AA2C54F399249ABC68B	8024116306065C04136E0963C238707D74290BDF	01A6FB5C07236663648F27708CC61749FC2F2AA51A26F4D15627E0A96E835EBD
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Pandora Agent.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Aug 14 08:14:00 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Wed Aug 14 08:14:00 2024, length=26, window=hide	5C9399B593766DE6B8BB91A9A5B1EF70	81677E186E3782BE84B5212041764BE481B3DF36	B49D68DC19857CEC022EEDF27EAB1B580E08BE4E667C3E9ECED18F6C9F7A177B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Stop Pandora Agent.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Archive, ctime=Wed Aug 14 08:14:00 2024, mtime=Mon Oct 28 09:39:08 2024, atime=Wed Aug 14 08:14:00 2024, length=25, window=hide	B186C18402A1E58BDB50EADF87850AFD	FC32ED803E9479C5644466AAF1711771281802C6	8C03EFEAA4EAF5B1E6F5B39A3B296482B653DB9463846926375346119C554951
\Device\ConDrv	ASCII text, with CRLF line terminators	AE02717466D6E7F8B244F460FEDC4495	229150B5843F39D25BBA9C3EB48A7E08AA7E1744	099E6C2AB5F48E7AD0689F1D37696D80877411F52837EE39B04D5F99BF95CFD1

Windows Analysis Report PandoraFMS_One_Agent_Windows-lts.x86_64.exe

Overview

General Information

Detection

Compliance

Signatures

Classification

Signatures

AV Detection

Cryptography

Privilege Escalation

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Windows Analysis Report
PandoraFMS_One_Agent_Windows-lts.x86_64.exe